CVE-2022-47877

MEDIUM

Jedox 2020.2.5 - Authenticated Stored Cross-Site Scripting via Log Module

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-47877. PoCs published by Team Syslifters.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in Jedox 2020.2.5 and older versions. The attacker injects an XSS payload into the log module via a POST request to /ub/ccmd, which is then triggered when viewing the logs page.

Description

A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module 'log'.

Exploits (1)

exploitdb WORKING POC

by Team Syslifters · textwebappsphp

https://www.exploit-db.com/exploits/51425

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in Jedox 2020.2.5 and older versions. The attacker injects an XSS payload into the log module via a POST request to /ub/ccmd, which is then triggered when viewing the logs page.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Jedox 2020.2 (20.2.5) and older

Auth required

Prerequisites: Authenticated access to the Jedox application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory, VDB Entry

http://packetstormsecurity.com/files/172153/Jedox-2020.2.5-Cross-Site-Scripting.html

Exploit, Third Party Advisory

https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf

Scores

CVSS v3 5.4

EPSS 0.0263

EPSS Percentile 83.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-79

Status published

Products (1)

jedox/jedox 2020.2.5

Published May 02, 2023

Tracked Since Feb 18, 2026