Stored XSS in "Tab Image" and "Group Image" in causefx/organizr

Valid

Reported on

May 24th 2022


Description

The Organizr application accepts a malicious JavaScript payload in the "Tab Image" and "Group Image" fields, which leads to stored XSS.

Proof of Concept 1

1. Log in to the co-admin account and go to "Settings" -> "Tab Editor".

2. Click on "Tabs" -> "Add New Tab" and fill in all the details.

3. In "Tab Image", insert the payload "><img src=x onerror=alert(document.cookie)> and click "Add Tab".

Proof of Concept 2

1. Log in to the co-admin account and go to "Settings" -> "User Management" -> "Manage Groups".

2. Click on "Add New Group" and fill in all the details.

3. In "Group Image", insert the payload "><img src=x onerror=alert(document.location)> and click "Add Group".

Video PoC

https://drive.google.com/file/d/1P6-Zq5D55EegVjfeLNtwG-7bU0_6mexn/view?usp=sharing

Impact

This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
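
Both payloads above begin with "> which only works if the stored image value is written into an HTML attribute without encoding. The following is an added example, not code from Organizr or from this report: it shows that rendering pattern beside a hardened version. The function names, the markup, the validation policy and the fallback path are assumptions made for illustration.

```javascript
// Added illustration, not Organizr code. Markup and names are hypothetical.

// Vulnerable pattern: the stored value is concatenated into an attribute.
function renderImageUnsafe(image) {
  return '<img class="tab-image" src="' + image + '">';
}

// Encode the characters that can end an attribute value or open a tag.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Check before storing (assumed policy): http(s) URLs or relative paths
// built from a conservative character set; no quotes, brackets or spaces.
function isAcceptableImage(value) {
  if (typeof value !== 'string' || value.length === 0 || value.length > 2048) return false;
  if (/[\u0000-\u0020"'<>`\\]/.test(value)) return false;
  if (/^https?:\/\//i.test(value)) {
    try { new URL(value); return true; } catch (e) { return false; }
  }
  // Relative path: no scheme and no protocol-relative "//" prefix.
  return /^(?!\/\/)[A-Za-z0-9_.\/-]+$/.test(value);
}

// Hardened rendering: validate, then encode on output regardless, so a value
// that reached storage by another route still cannot leave the attribute.
// The fallback path is a hypothetical placeholder.
function renderImageSafe(image, fallback = 'img/placeholder.png') {
  const src = isAcceptableImage(image) ? image : fallback;
  return '<img class="tab-image" src="' + escapeHtml(src) + '">';
}

// Constructed sample inputs: the two values from the report plus benign ones.
const samples = [
  '"><img src=x onerror=alert(document.cookie)>',
  '"><img src=x onerror=alert(document.location)>',
  'images/tabs/example.png',
  'https://example.com/logo.png?size=64&v=2',
];
for (const s of samples) {
  console.log(isAcceptableImage(s) ? 'accept' : 'reject', '|', renderImageSafe(s));
}
```

Output encoding is the control that closes the bug; the validation step only narrows what gets stored and should not be relied on alone.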

We are processing your report and will contact the causefx/organizr team within 24 hours. (a month ago)
SAMPRIT DAS modified the report (a month ago)
We have contacted a member of the causefx/organizr team and are waiting to hear back (a month ago)
causefx validated this vulnerability (a month ago)
SAMPRIT DAS has been awarded the disclosure bounty
causefx confirmed that a fix has been merged on d5245c (a month ago)
causefx has been awarded the fix bounty
SAMPRIT DAS
a month ago

Researcher


@admin, as the fix has been deployed, can you assign a CVE for this report?
