CVE-2022-47877

MEDIUM

Jedox - XSS

Title source: rule

Description

A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module 'log'.

Exploits (1)

exploitdb WORKING POC

by Team Syslifters · textwebappsphp

https://www.exploit-db.com/exploits/51425

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/172153/Jedox-2020.2.5-Cross-Site-Scripting.html

[Exploit, Third Party Advisory] https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf

Scores

CVSS v3 5.4

EPSS 0.0167

EPSS Percentile 82.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

jedox/jedox 2020.2.5

Published May 02, 2023

Tracked Since Feb 18, 2026