Organizr: XSS Vulnerability

Created on 18 Dec 2019  路  1Comment  路  Source: causefx/Organizr

Organizr Version: 2.0.325
Branch: v2-master
WebServer: Nginx
Operating System: Ubuntu

Problem Description:

Organizr is vulnerable to XSS attacks
This is a pretty serious security concern for users.
Suggest supporting Content-Security-Policy: script-src 'self' and relying less on inline scripts.


Reproduction Steps:

For example append ?error= to the URL of a hosted organizr setup.


Errors on screen? If so paste here:


Most helpful comment

CSP is set using the webserver.
I'll sanitize the rest.

>All comments

CSP is set using the webserver.
I'll sanitize the rest.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

JimboJamez picture JimboJamez  路  6Comments

silentArtifact picture silentArtifact  路  3Comments

that1guy picture that1guy  路  5Comments

xavier84 picture xavier84  路  5Comments

mishac picture mishac  路  4Comments