A vulnerability, which was classified as problematic, has been found in Joget up to 7.0.33. This issue affects the function submitForm of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UserProfileMenu.java of the component User Profile Menu. The manipulation of the argument firstName/lastName leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 7.0.34 is able to address this issue. The patch is named 9a77f508a2bf8cf661d588f37a4cc29ecaea4fc8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217055.
References
Link | Resource |
---|---|
https://github.com/jogetworkflow/jw-community/commit/9a77f508a2bf8cf661d588f37a4cc29ecaea4fc8 | Patch |
https://github.com/jogetworkflow/jw-community/releases/tag/7.0.34 | Release Notes |
https://vuldb.com/?ctiid.217055 | Permissions Required |
https://vuldb.com/?id.217055 | Third Party Advisory |
Configurations
History
29 Oct 2023, 03:08
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 | |
References | (MISC) https://vuldb.com/?ctiid.217055 - Permissions Required |
20 Oct 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
CWE | ||
Summary | A vulnerability, which was classified as problematic, has been found in Joget up to 7.0.33. This issue affects the function submitForm of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UserProfileMenu.java of the component User Profile Menu. The manipulation of the argument firstName/lastName leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 7.0.34 is able to address this issue. The patch is named 9a77f508a2bf8cf661d588f37a4cc29ecaea4fc8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217055. |
Information
Published : 2022-12-30 12:15
Updated : 2024-05-17 02:16
NVD link : CVE-2022-4859
Mitre link : CVE-2022-4859
CVE.ORG link : CVE-2022-4859
JSON object : View
Products Affected
joget
- joget_dx
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')