CVE-2022-1344
📋 TL;DR
This stored cross-site scripting (XSS) vulnerability in Organizr allows attackers to inject malicious scripts via filenames, which are then executed in users' browsers. It affects all users of Organizr versions prior to 2.1.1810. Successful exploitation can lead to session hijacking, data theft, and complete compromise of user accounts.
💻 Affected Systems
- Organizr
📦 What is this software?
Organizr by Organizr
⚠️ Risk & Real-World Impact
Worst Case
Attackers steal administrator credentials, take full control of the Organizr instance, access all connected services, and pivot to internal network systems.
Likely Case
Attackers hijack user sessions, steal authentication tokens, access sensitive data within Organizr, and potentially compromise connected services.
If Mitigated
With proper input validation and output encoding, malicious scripts are neutralized before execution, preventing any client-side impact.
🎯 Exploit Status
Exploitation requires the ability to upload files with malicious filenames, which typically requires some level of access to the application.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.1.1810 and later
Vendor Advisory: https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a
Restart Required: Yes
Instructions:
1. Back up your Organizr configuration and data.
2. Update to version 2.1.1810 or later via the built-in updater or manual installation.
3. Restart the Organizr service.
4. Verify the update was successful by checking the version.
🔧 Temporary Workarounds
Input Validation Filter
All platforms: Implement a web application firewall or proxy that filters and sanitizes filename inputs before they reach Organizr.
Access Restriction
All platforms: Restrict file upload capabilities to trusted users only and implement strict filename validation rules.
🧯 If You Can't Patch
- Implement strict Content Security Policy (CSP) headers to prevent script execution from untrusted sources.
- Disable file upload functionality entirely or restrict it to administrators only.
🔍 How to Verify
Check if Vulnerable:
Check your Organizr version via the web interface settings page or by examining the application files. If version is below 2.1.1810, you are vulnerable.
Check Version:
Check the Organizr web interface settings page or look for version information in the application's configuration files.
Verify Fix Applied:
After updating, verify the version is 2.1.1810 or higher and test by attempting to upload a file with a filename containing script tags to confirm sanitization.
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads with suspicious filenames containing script tags or JavaScript code
- Multiple failed upload attempts with malformed filenames
Network Indicators:
- HTTP requests with filenames containing script tags in parameters
- Unexpected JavaScript execution in browser sessions
SIEM Query:
source="organizr.log" AND (filename CONTAINS "<script>" OR filename CONTAINS "javascript:")
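The query above matches only the literal strings `<script>` and `javascript:`. The following added example (not part of the original advisory or the Organizr project) shows the same log check with URL and HTML-entity decoding applied first, so encoded filenames are also flagged. The log line format, field names, and sample entries are constructed assumptions; adapt the regular expression to your actual log layout.

```python
import html
import re
from urllib.parse import unquote

# Assumed (constructed) log format: key=value pairs with a quoted filename field.
# Organizr's real log layout is not given on the page; adapt FILENAME_RE to yours.
FILENAME_RE = re.compile(r'filename="((?:[^"\\]|\\.)*)"')

# Markers that have no business in an uploaded file's name.
MARKUP_RE = re.compile(r'[<>]|javascript:|\bon\w+\s*=', re.IGNORECASE)


def normalize(name: str) -> str:
    """Undo URL- and HTML-entity encoding (twice, to catch double encoding)."""
    for _ in range(2):
        name = html.unescape(unquote(name))
    return name


def is_suspicious(name: str) -> bool:
    """True if the decoded filename carries HTML/JS markup."""
    return bool(MARKUP_RE.search(normalize(name)))


def scan(lines):
    """Return (line_number, raw_filename) for every flagged upload entry."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = FILENAME_RE.search(line)
        if match and is_suspicious(match.group(1)):
            hits.append((number, match.group(1)))
    return hits


# Constructed sample lines, not taken from a real Organizr log.
SAMPLE_LOG = [
    '2022-04-13 10:01:02 user=alice action=upload filename="logo.png"',
    '2022-04-13 10:02:10 user=bob action=upload filename="<script>x</script>.png"',
    '2022-04-13 10:02:45 user=bob action=upload filename="%3Cimg%20src%3Dx%3E.jpg"',
    '2022-04-13 10:03:30 user=carol action=upload filename="report (final).pdf"',
    '2022-04-13 10:04:00 user=carol action=login',
]

if __name__ == "__main__":
    for number, name in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious filename {name!r}")
```

The event-handler pattern (`on...=`) can produce false positives on unusual but harmless filenames, so treat hits as leads for review rather than confirmed exploitation.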