Platform: php
Component: organizr
Fixed in: 2.1.1810
CVE-2022-1344 describes a stored Cross-Site Scripting (XSS) vulnerability in organizr versions prior to 2.1.1810. The application did not sanitize or encode the filename of an uploaded file before storing it and echoing it back into the web interface, so a filename containing HTML or JavaScript is rendered as markup in the browser of every user who views the listing. The fix is included in version 2.1.1810.
The impact is that of any stored XSS: the injected JavaScript runs in the victim's browser within the victim's organizr session. Because the payload lives in stored data rather than in a link the victim has to click, it fires every time the page listing the file is loaded. From there an attacker can hijack the session or perform actions as the victim (account takeover), read any data the victim can see in the organizr interface, redirect the user to an attacker-controlled site, or deface the application. The complete absence of sanitization makes the flaw straightforward to exploit, which is what raises its risk even though XSS does not by itself give code execution on the server.
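As an added illustration (this is not code from organizr or from this advisory), the following PHP shows the vulnerable pattern the description refers to, a client-supplied filename echoed into HTML unescaped, next to two hardened forms. The function names and the sample filename are assumptions made for the example:

```php
<?php
// Added example (not organizr's code): how a filename that is stored and later
// echoed into HTML unescaped becomes stored XSS, and two ways to neutralise it.
// Function names and the sample filename are assumptions for this illustration.

declare(strict_types=1);

// Vulnerable pattern: the client-chosen name from the upload is written into
// the page as-is, so markup inside the name is parsed by the browser.
function renderFileRowVulnerable(string $filename): string
{
    return '<tr><td>' . $filename . '</td></tr>';
}

// Fix 1, output encoding: escape at the point where the name enters HTML.
// ENT_QUOTES also neutralises quotes, which matters inside attributes.
function renderFileRowSafe(string $filename): string
{
    $safe = htmlspecialchars($filename, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<tr><td>' . $safe . '</td></tr>';
}

// Fix 2, input normalisation: decide the stored name server-side from an
// allowlist, so no HTML metacharacters ever reach the database or the disk.
// basename() also discards path components ("../", and the "/" in "</script>").
function sanitizeUploadName(string $clientName): string
{
    $base  = basename(str_replace('\\', '/', $clientName));
    $clean = preg_replace('/[^A-Za-z0-9._-]/', '_', $base);
    $clean = ltrim($clean, '.');          // no hidden files, no ".."
    return $clean === '' ? 'upload.bin' : substr($clean, 0, 255);
}

// Constructed sample: the payload the mitigation section uses for verification.
$payload = "<script>alert('XSS')</script>.txt";

echo 'vulnerable: ' . renderFileRowVulnerable($payload) . PHP_EOL;
echo 'escaped:    ' . renderFileRowSafe($payload) . PHP_EOL;
echo 'stored as:  ' . sanitizeUploadName($payload) . PHP_EOL;
```

The two fixes are complementary: output encoding is what actually prevents the browser from interpreting the name, while normalising the stored name removes the attacker's control over a value that may be rendered in more than one place (listings, download links, log viewers) and that a later template might forget to escape.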
CVE-2022-1344 was publicly disclosed on April 13, 2022. No active exploitation campaign has been publicly linked to this vulnerability, and it is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. No public proof-of-concept (PoC) code has been widely released, but none is needed: reproducing the issue only requires uploading a file whose name contains markup, so opportunistic attackers can be expected to try it.
Any organization running an unpatched organizr instance is exposed, particularly where the dashboard is used as a front door to other services. The risk is highest on multi-user instances: any user who can upload a file can plant a payload that executes when an administrator views the listing, turning a limited account into an administrative one. The exposure is confined to the organizr application and its users; the vulnerability does not by itself cross into other accounts or sites hosted on the same server.
• php: Check where the application keeps uploaded files, and the filenames it has recorded for them, for names containing HTML metacharacters (<, >, ", ') or inline event handlers such as onerror=. Application logs only help if organizr logs the submitted filename; a web server access log records the request line, not the multipart body, and anything in the request line is percent-encoded, so search for both forms:
grep -iE '<script|%3cscript|onerror=' /var/log/apache2/access.log
• generic web: Monitor POST requests to file upload endpoints for unusual filenames in the Content-Disposition header of the multipart body (this needs a WAF or reverse proxy that inspects request bodies). To test the upload path, use curl with a filename that contains markup and then check whether the name is rendered or escaped in the file listing:
curl -X POST -F "[email protected]" http://example.com/upload.php
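The following PHP script, added here and not part of the advisory or of organizr, applies the two checks above to constructed sample data: it scans a directory for stored names containing HTML metacharacters, and it inspects the request target of access-log lines, after URL-decoding, for the same patterns. The temporary directory, the sample filenames, the endpoint paths and the log lines are all made up for the example:

```php
<?php
// Added example (not organizr's code): flag upload names and access-log request
// targets that carry HTML/JavaScript metacharacters. Sample files and log lines
// are constructed here; the upload directory is an assumption you replace with
// the real one for your deployment.

declare(strict_types=1);

// Patterns worth flagging in a name, checked after URL-decoding so the
// percent-encoded form seen in access logs is caught as well.
const SUSPICIOUS_NAME_PATTERNS = [
    '/<\s*\/?\s*[a-z]/i',   // opening or closing tag
    '/\bon[a-z]+\s*=/i',    // inline event handler: onerror=, onload=, ...
    '/javascript\s*:/i',    // javascript: URL
    '/[<>"\']/',            // any raw HTML metacharacter
];

function isSuspiciousName(string $name): bool
{
    $decoded = rawurldecode($name);
    foreach (SUSPICIOUS_NAME_PATTERNS as $re) {
        if (preg_match($re, $decoded) === 1) {
            return true;
        }
    }
    return false;
}

// Check 1: names already on disk, i.e. the "stored" half of a stored XSS.
function scanUploadDir(string $dir): array
{
    $hits = [];
    foreach (new DirectoryIterator($dir) as $entry) {
        if (!$entry->isDot() && isSuspiciousName($entry->getFilename())) {
            $hits[] = $entry->getFilename();
        }
    }
    sort($hits);
    return $hits;
}

// Check 2: access-log lines. Only the request target is inspected, because the
// quoted request line itself always contains '"'. A web server access log never
// records the multipart body, so a filename sent only in the body shows up here
// solely when the application later serves or links the file by that name.
function requestTargetFromLogLine(string $line): ?string
{
    if (preg_match('/"(?:GET|POST|PUT|PATCH|DELETE) (\S+) HTTP\/[0-9.]+"/', $line, $m) === 1) {
        return $m[1];
    }
    return null;
}

function scanLogLines(array $lines): array
{
    $hits = [];
    foreach ($lines as $line) {
        $target = requestTargetFromLogLine($line);
        if ($target !== null && isSuspiciousName($target)) {
            $hits[] = $line;
        }
    }
    return $hits;
}

// Constructed upload directory with three sample names, one of them hostile.
$dir = sys_get_temp_dir() . '/xss-name-demo-' . getmypid();
mkdir($dir);
foreach (['report.pdf', '<img src=x onerror=alert(1)>.png', 'photo 2022.jpg'] as $name) {
    touch($dir . '/' . $name);
}
echo "suspicious stored names:\n";
foreach (scanUploadDir($dir) as $name) {
    echo "  $name\n";
}
foreach (scandir($dir) as $name) {
    if ($name !== '.' && $name !== '..') {
        unlink($dir . '/' . $name);
    }
}
rmdir($dir);

// Constructed access-log lines in combined-log format (not real captures).
$log = [
    '10.0.0.5 - - [13/Apr/2022:10:00:00 +0000] "POST /upload HTTP/1.1" 200 512',
    '10.0.0.7 - - [13/Apr/2022:10:01:00 +0000] "GET /files/%3Cimg%20src=x%20onerror=alert(1)%3E.png HTTP/1.1" 404 0',
    '10.0.0.9 - - [13/Apr/2022:10:02:00 +0000] "GET /files/report.pdf HTTP/1.1" 200 9000',
];
echo "suspicious log lines:\n";
foreach (scanLogLines($log) as $line) {
    echo "  $line\n";
}
```

Point scanUploadDir at the real upload directory and feed scanLogLines the lines of the real access log. The patterns are deliberately broad (any raw <, >, " or ' in a name is flagged), because in a file-listing context there is no legitimate reason for those characters; expect a few false positives from users who name files with quotes, and review rather than auto-delete.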
Disclosed: April 13, 2022
Exploit status: no confirmed active exploitation; not listed on CISA KEV
EPSS: 0.37% (59th percentile)
CVSS vector: not provided
The primary mitigation for CVE-2022-1344 is to upgrade to version 2.1.1810 or later, which sanitizes filenames and closes the XSS. If upgrading is not immediately feasible, a Web Application Firewall (WAF) rule that rejects uploads whose filename contains HTML metacharacters (<, >, ", ') or event-handler attributes reduces exposure; note that a rule matching only <script> is trivially bypassed with a payload such as <img src=x onerror=...>, so treat the WAF as a stopgap, not a fix. In the application itself, treat every user-supplied filename as untrusted: normalise it on input and HTML-encode it wherever it is rendered. After upgrading, confirm the fix by uploading a file with a malicious filename (e.g. <script>alert('XSS')</script>.txt), then viewing the listing in a browser and verifying that the name is displayed literally and no script executes.
Update Organizr to version 2.1.1810 or later. This version contains a fix for the stored XSS vulnerability in the filename. Updating prevents the execution of malicious scripts in the user's browser.
CVE-2022-1344 is a stored XSS vulnerability in organizr versions prior to 2.1.1810 that lets attackers inject malicious scripts through unsanitized filenames.
You are affected if you run an organizr version earlier than 2.1.1810. Upgrade to version 2.1.1810 or later to resolve the vulnerability.
Upgrade to organizr version 2.1.1810 or later. As a temporary workaround only, a WAF rule that blocks filenames containing markup reduces, but does not eliminate, exposure.
No confirmed active exploitation has been publicly reported, but the vulnerability's ease of exploitation makes it a plausible target for opportunistic attackers.
Refer to the organizr GitHub repository for updates and advisories: https://github.com/causefx/organizr