Stored XSS in "Tab Image" and "Group Image" in causefx/organizr

Valid

Reported on

May 24th 2022


Description

The Organizr application accepts a malicious JavaScript payload in the "Tab Image" and "Group Image" fields, which leads to stored XSS.

Proof of Concept 1

1. Log in to the co-admin account and go to "Settings" -> "Tab Editor".

2. Now click on "Tabs" -> "Add New Tab" and fill in all the details.

3. Then in "Tab Image" insert the payload "><img src=x onerror=alert(document.cookie)> and click on Add Tab.

Proof of Concept 2

1. Log in to the co-admin account and go to "Settings" -> "User Management" -> "Manage Groups".

2. Now click on "Add New Group" and fill in all the details.

3. Then in "Group Image" insert the payload "><img src=x onerror=alert(document.location)> and click on Add Group.

Video PoC

https://drive.google.com/file/d/1P6-Zq5D55EegVjfeLNtwG-7bU0_6mexn/view?usp=sharing

Impact

This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
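
Why a value of this shape breaks out of an image attribute, and the validation plus escaping that stops it, as an added example that is not Organizr's code or its fix. It assumes the stored image value is interpolated into an img src attribute; the function names and the placeholder path are hypothetical, and the same handling applies to "Group Image".

```javascript
// Added example: hypothetical helper names, not taken from Organizr's code.

// Constructed input: the "Tab Image" value from Proof of Concept 1.
const POC_PAYLOAD = '"><img src=x onerror=alert(document.cookie)>';
// Hypothetical fallback icon path used when a stored value is rejected.
const FALLBACK_IMAGE = 'images/placeholder.png';

// Vulnerable pattern: the stored value is concatenated into markup unescaped,
// so a leading "> closes the src attribute and the tag, and the rest is parsed as HTML.
function renderTabImageUnsafe(image) {
  return '<img class="tab-icon" src="' + image + '">';
}

// Encode every character that can terminate an attribute value or open a tag.
function escapeHtmlAttr(value) {
  return String(value).replace(/[&<>"'`]/g, (c) => '&#' + c.charCodeAt(0) + ';');
}

// Allow-list check (assumed policy): http(s) URLs or plain relative paths only.
function isAllowedImageValue(value) {
  if (typeof value !== 'string' || value.length === 0 || value.length > 2048) return false;
  if (/[\s"'<>`\\]/.test(value)) return false; // no quotes, brackets or whitespace
  if (/^https?:\/\//i.test(value)) {
    try { new URL(value); return true; } catch { return false; }
  }
  // Relative path: the character set excludes ':' so javascript: and data: fail here.
  return /^[A-Za-z0-9_.\/-]+$/.test(value) && !value.includes('..');
}

// Hardened pattern: validate when rendering (and ideally when saving), then
// escape on output so a value that slipped into storage is still inert.
function renderTabImageSafe(image) {
  const src = isAllowedImageValue(image) ? image : FALLBACK_IMAGE;
  return '<img class="tab-icon" src="' + escapeHtmlAttr(src) + '">';
}

console.log(renderTabImageUnsafe(POC_PAYLOAD)); // two <img> tags, one with onerror
console.log(renderTabImageSafe(POC_PAYLOAD));   // single tag with the fallback src
```

Validation alone is not enough for records already stored before a fix, which is why the safe renderer escapes on output as well.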

We are processing your report and will contact the causefx/organizr team within 24 hours. a year ago
SAMPRIT DAS modified the report
a year ago
We have contacted a member of the causefx/organizr team and are waiting to hear back a year ago
causefx validated this vulnerability a year ago
SAMPRIT DAS has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
causefx marked this as fixed in 2.1.2200 with commit d5245c a year ago
causefx has been awarded the fix bounty
This vulnerability will not receive a CVE
SAMPRIT DAS
a year ago

Researcher


@admin as the fix has been deployed, can you assign a CVE for this report?
