Lucene search

K

Joget Security Vulnerabilities

cve
cve

CVE-2019-14352

In Joget Workflow 6.0.20, CSV Injection, also known as Formula Injection, exists, as demonstrated by jw/web/userview/crm_community/crm_userview_sales/_/account_new with the Account ID or Account Name field. NOTE: the vendor disputes the relevance of this finding because CSV is not the intended...

7.8CVSS

7.6AI Score

0.001EPSS

2019-07-28 05:15 PM
75
cve
cve

CVE-2022-4560

A vulnerability was found in Joget up to 7.0.31. It has been rated as problematic. This issue affects the function getInternalJsCssLib of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UniversalTheme.java of the component wflow-core. The manipulation of the argument key leads to...

6.1CVSS

6AI Score

0.001EPSS

2022-12-16 05:15 PM
57
cve
cve

CVE-2022-4859

A vulnerability, which was classified as problematic, has been found in Joget up to 7.0.33. This issue affects the function submitForm of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UserProfileMenu.java of the component User Profile Menu. The manipulation of the argument...

6.1CVSS

6AI Score

0.001EPSS

2022-12-30 12:15 PM
54
cve
cve

CVE-2022-26197

Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Datalist...

5.4CVSS

5.3AI Score

0.001EPSS

2022-03-25 09:15 PM
65