In Joget Workflow 6.0.20, CSV Injection, also known as Formula Injection, exists, as demonstrated by jw/web/userview/crm_community/crm_userview_sales/_/account_new with the Account ID or Account Name field. NOTE: the vendor disputes the relevance of this finding because CSV is not the intended expo...
7.8 CVSS
7.6 AI Score
0.001 EPSS
Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Datalist table.
5.4 CVSS
5.3 AI Score
0.001 EPSS
A vulnerability was found in Joget up to 7.0.31. It has been rated as problematic. This issue affects the function getInternalJsCssLib of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UniversalTheme.java of the component wflow-core. The manipulation of the argument key leads to cros...
6.1 CVSS
6 AI Score
0.001 EPSS
A vulnerability, which was classified as problematic, has been found in Joget up to 7.0.33. This issue affects the function submitForm of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UserProfileMenu.java of the component User Profile Menu. The manipulation of the argument firstName...
6.1 CVSS
6 AI Score
0.001 EPSS