PT-2022-28145 · Joget · Joget

Published: 2022-12-30 · Updated: 2024-05-17 · CVE-2022-4859

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Joget versions up to 7.0.33

Description

A vulnerability has been found in Joget, affecting the submitForm function of the UserProfileMenu component. Manipulation of the firstName/lastName arguments leads to cross-site scripting. The attack can be initiated remotely. Upgrading to version 7.0.34 addresses this issue.

Recommendations

For Joget versions up to 7.0.33, upgrade to version 7.0.34 to address the issue. As a temporary workaround, consider restricting the use of the submitForm function in the UserProfileMenu component until the patch is applied.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-4859

Affected Products

Joget