PT-2022-27578 · Joget · Joget

Published

2022-12-16

·

Updated

2024-05-17

·

CVE-2022-4560

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Joget versions up to 7.0.31
Description

A vulnerability was found in the function getInternalJsCssLib of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UniversalTheme.java of the component wflow-core. The argument key is attacker-controllable and is reflected into generated HTML without adequate validation or output encoding, which leads to cross-site scripting. The attack can be initiated remotely and needs no authentication, but it requires a victim to open a crafted link (PR:N, UI:R in the vector).
Recommendations

For Joget versions up to 7.0.31, upgrade to version 7.0.32 or later, which addresses this issue. If patching must be delayed, the workaround is to keep untrusted input out of the key argument on the affected code path: restrict access to the requests that reach getInternalJsCssLib, or filter and reject any value destined for key that contains characters outside the expected library-identifier set (for example at a reverse proxy or WAF in front of Joget). After patching, verify the fix by confirming that a key value containing characters such as a double quote, < or > is no longer reflected unencoded into the rendered page.
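The following Java example is added here to illustrate the class of bug described above; it is not Joget's code and does not reproduce UniversalTheme.java. It assumes a theme helper that turns a short library name (the key) into a script tag: the method names, the KNOWN_LIBS table, the SAFE_KEY pattern and the /plugin/universal-theme/lib/ path are all assumptions for the demo. The vulnerable method concatenates key straight into markup; the hardened one allowlists the key and HTML-attribute-encodes it as a second line of defence.

```java
import java.util.Set;
import java.util.regex.Pattern;

/**
 * Illustrative helper (not Joget's code) that emits a <script> tag for a
 * theme-bundled JS library identified by a request-derived key.
 */
public class JsCssLibDemo {

    // Hypothetical library table; the names are assumptions for this demo.
    private static final Set<String> KNOWN_LIBS = Set.of("jquery", "bootstrap", "fontawesome");

    // Library identifiers are letters, digits, '_' and '-' only; anything else is rejected.
    private static final Pattern SAFE_KEY = Pattern.compile("^[A-Za-z0-9_-]{1,64}$");

    // Assumed URL prefix under which the theme serves its bundled libraries.
    private static final String LIB_PATH = "/plugin/universal-theme/lib/";

    /** Vulnerable pattern: key is concatenated into markup with no validation or encoding. */
    public static String vulnerableLib(String key) {
        return "<script src=\"" + LIB_PATH + key + ".js\"></script>";
    }

    /** Hardened pattern: allowlist the key, then attribute-encode it anyway (defence in depth). */
    public static String hardenedLib(String key) {
        if (key == null || !SAFE_KEY.matcher(key).matches() || !KNOWN_LIBS.contains(key)) {
            return ""; // unknown or malformed key: emit nothing rather than echo the input
        }
        return "<script src=\"" + LIB_PATH + htmlAttr(key) + ".js\"></script>";
    }

    /** Minimal encoder for the characters that can break out of a quoted HTML attribute. */
    static String htmlAttr(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed payload: closes the src attribute and the <script> tag, injects a new
        // script, then re-opens a src attribute so the trailing markup stays well-formed.
        String payload = "x\"></script><script>alert(document.domain)</script><script src=\"";

        // Reflected verbatim: a browser parsing this executes the injected alert().
        System.out.println("vulnerable: " + vulnerableLib(payload));

        // Rejected by the allowlist: nothing attacker-controlled reaches the page.
        System.out.println("hardened:   [" + hardenedLib(payload) + "]");

        // A legitimate key still renders the expected tag.
        System.out.println("hardened:   " + hardenedLib("jquery"));
    }
}
```

The allowlist is the real fix; the encoder only matters if the key set is ever widened to values that are not plain identifiers. When checking a live instance after the upgrade, the test is the same as in main(): a key carrying a double quote or angle brackets must either be rejected or come back encoded, never verbatim.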

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-4560

Affected Products

Joget