CVE-2022-1345
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-1345
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1345.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-1345
- Published
- 2022-04-13T18:10:18Z
- Modified
- 2025-12-04T10:02:11.853669Z
- Severity
-
- 9.0 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- Stored XSS viva .svg file upload in causefx/organizr
- Details
-
Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
- Database specific
{ "cna_assigner": "@huntrdev", "cwe_ids": [ "CWE-434" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1345.json" }- References
Affected packages
Git / github.com/causefx/organizr
Affected ranges
- Type
- GIT
- Repo
- https://github.com/causefx/organizr
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.9
0.91
0.92
0.93
0.931
0.932
0.95
0.96
0.97
0.98
0.985
0.99
0.994
0.995
0.997
0.998
0.999
0.9998
0.9999
0.99991
0.99992
0.99993
0.99994
0.99995
0.99996
0.99997
0.99998
1.*
1.0
1.01
1.05
1.08
1.10
1.15
1.18
1.20
1.21
1.22
1.25
1.28
1.29
1.30
1.31
1.32
1.321
1.322
1.323
1.34
1.341
1.342
1.343
1.344
1.35
1.36
1.37
1.38
1.40
1.42
1.44
1.50