Stored XSS on add Group Name in causefx/organizr
Apr 12th 2022
An XSS vulnerability was found in the add Group Name function of the User Management module in Organizr (2.1.1810).
Proof of Concept
- Go to User Management -> Manage Group
- Add a new group
- Insert the payload in the "Group Name" field, then Add Group
- "><script >alert("xss-here");</script>
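
The payload's leading `">` closes a quoted attribute before the script element opens, so the stored group name must be encoded wherever it is written back into HTML. The following is an added example, not code from Organizr or from the original report; the row markup, the function names and the group-name allow-list are assumptions chosen for illustration.

```javascript
// Added illustration; not Organizr's code. The markup and function names are hypothetical.

// Payload exactly as given in the report above.
const REPORTED_PAYLOAD = '"><script >alert("xss-here");</script>';

// Characters that are significant in HTML text and in quoted attribute values.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable pattern: the stored value is concatenated into a quoted
// attribute and into element text without any encoding.
function renderGroupRowUnsafe(groupName) {
  return '<tr><td><input type="text" value="' + groupName + '"></td><td>' +
    groupName + '</td></tr>';
}

// Hardened pattern: same markup, every interpolation encoded at output time.
function renderGroupRowSafe(groupName) {
  const safe = escapeHtml(groupName);
  return '<tr><td><input type="text" value="' + safe + '"></td><td>' +
    safe + '</td></tr>';
}

// Defence in depth on the server when a group is created.
// Assumed policy: letters, digits, space, underscore, hyphen; 1 to 32 characters.
function isValidGroupName(groupName) {
  return typeof groupName === 'string' && /^[A-Za-z0-9 _-]{1,32}$/.test(groupName);
}

// Check used here to show whether rendered markup gained a script element
// that the template itself never contained.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log('unsafe render has <script>:', containsScriptTag(renderGroupRowUnsafe(REPORTED_PAYLOAD)));
console.log('safe render has <script>:  ', containsScriptTag(renderGroupRowSafe(REPORTED_PAYLOAD)));
console.log('payload passes allow-list: ', isValidGroupName(REPORTED_PAYLOAD));
```

Output encoding is the primary control because it also covers group names stored before any input validation was introduced.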