crocoblock JetEngine Cross-Site Scripting Vulnerability (CNVD-2022-05012)

2021-12-1900:00:00

China National Vulnerability Database

www.cnvd.org.cn

crocoblock jetengine

cross-site scripting

vulnerability

version 2.9.1

data validation

filtering

user-supplied data

javascript code

client side

EPSS

0.001

Percentile

22.7%

JSON

crocoblock JetEngine is a dynamic content plugin that allows you to build complex websites quickly and cost-effectively. crocoblock JetEngine prior to version 2.9.1 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output in the username field. An attacker could exploit the vulnerability to execute JavaScript code on the client side.

EPSS

0.001

Percentile

22.7%

JSON

Related for CNVD-2022-05012