CVE-2022-4859

🗓️ 30 Dec 2022 11:38:11Reported by VulDBType

A cross site scripting vulnerability in Joget up to 7.0.33 allows remote attackers to manipulate firstName/lastName argument via submitForm function in UserProfileMenu.java. Upgrade to 7.0.34 to mitigate. (CVE-2022-4859

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2022-4859	30 Dec 202214:14	–	circl
CNNVD	Joget 跨站脚本漏洞	30 Dec 202200:00	–	cnnvd
Cvelist	CVE-2022-4859 Joget User Profile Menu UserProfileMenu.java submitForm cross site scripting	30 Dec 202211:38	–	cvelist
EUVD	EUVD-2022-52125	3 Oct 202520:07	–	euvd
NVD	CVE-2022-4859	30 Dec 202212:15	–	nvd
Prion	Cross site scripting	30 Dec 202212:15	–	prion
Positive Technologies	PT-2022-28145 · Joget · Joget	30 Dec 202200:00	–	ptsecurity
RedhatCVE	CVE-2022-4859	23 May 202500:19	–	redhatcve

NVD

Vulners

Node

joget joget_dxRange7.0.1–7.0.34

[
  {
    "vendor": "n/a",
    "product": "Joget",
    "versions": [
      {
        "version": "7.0.0",
        "status": "affected"
      },
      {
        "version": "7.0.1",
        "status": "affected"
      },
      {
        "version": "7.0.2",
        "status": "affected"
      },
      {
        "version": "7.0.3",
        "status": "affected"
      },
      {
        "version": "7.0.4",
        "status": "affected"
      },
      {
        "version": "7.0.5",
        "status": "affected"
      },
      {
        "version": "7.0.6",
        "status": "affected"
      },
      {
        "version": "7.0.7",
        "status": "affected"
      },
      {
        "version": "7.0.8",
        "status": "affected"
      },
      {
        "version": "7.0.9",
        "status": "affected"
      },
      {
        "version": "7.0.10",
        "status": "affected"
      },
      {
        "version": "7.0.11",
        "status": "affected"
      },
      {
        "version": "7.0.12",
        "status": "affected"
      },
      {
        "version": "7.0.13",
        "status": "affected"
      },
      {
        "version": "7.0.14",
        "status": "affected"
      },
      {
        "version": "7.0.15",
        "status": "affected"
      },
      {
        "version": "7.0.16",
        "status": "affected"
      },
      {
        "version": "7.0.17",
        "status": "affected"
      },
      {
        "version": "7.0.18",
        "status": "affected"
      },
      {
        "version": "7.0.19",
        "status": "affected"
      },
      {
        "version": "7.0.20",
        "status": "affected"
      },
      {
        "version": "7.0.21",
        "status": "affected"
      },
      {
        "version": "7.0.22",
        "status": "affected"
      },
      {
        "version": "7.0.23",
        "status": "affected"
      },
      {
        "version": "7.0.24",
        "status": "affected"
      },
      {
        "version": "7.0.25",
        "status": "affected"
      },
      {
        "version": "7.0.26",
        "status": "affected"
      },
      {
        "version": "7.0.27",
        "status": "affected"
      },
      {
        "version": "7.0.28",
        "status": "affected"
      },
      {
        "version": "7.0.29",
        "status": "affected"
      },
      {
        "version": "7.0.30",
        "status": "affected"
      },
      {
        "version": "7.0.31",
        "status": "affected"
      },
      {
        "version": "7.0.32",
        "status": "affected"
      },
      {
        "version": "7.0.33",
        "status": "affected"
      }
    ],
    "modules": [
      "User Profile Menu"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
github	www.github.com/jogetworkflow/jw-community/releases/tag/7.0.34
github	www.github.com/jogetworkflow/jw-community/commit/9a77f508a2bf8cf661d588f37a4cc29ecaea4fc8
vuldb	www.vuldb.com/

21 Nov 2024 07:36Current

4.8Medium risk

Vulners AI Score4.8

CVSS 3.13.5 - 6.1

CVSS 24

CVSS 33.5

EPSS0.00246

CWE-79