Butterfly Organizer is prone to multiple cross-site scripting and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Butterfly Organizer 2.0.1 is vulnerable other versions may also be affected.