Cross-site Scripting (XSS) - Stored in causefx/organizr
Sep 19th 2021
- I tested it with docker image for Organizr (hash
organizr/organizr latest 7fb764ccd226 4 weeks ago 73.3MB
- Branch is
Proof of Concept
- Create a new Tab and enter a name like
- Add all other relevenat properties
- Click on "Add Tab"
All people, who can edit a tab, can add a Cross-Site-Scripting in the Tab name. The Cross-Site-Scripting would run for all users, who can see this tab.