Joget Joget

  1. Vendors
  2. Joget

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Joget product.

RSS Feeds for Joget security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Joget products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Joget Sorted by Most Security Vulnerabilities since 2018

Joget Dx3 vulnerabilities

Joget Worfklow1 vulnerability

By the Year

In 2026 there have been 0 vulnerabilities in Joget. Joget did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 0 0.00
2024 0 0.00
2023 0 0.00
2022 3 5.87
2021 0 0.00
2020 0 0.00
2019 1 0.00

It may take a day or so for new Joget vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Joget Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2022-4859 Dec 30, 2022
XSS in Joget 7.0.33 User Profile Menu (before 7.0.34) A vulnerability, which was classified as problematic, has been found in Joget up to 7.0.33. This issue affects the function submitForm of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UserProfileMenu.java of the component User Profile Menu. The manipulation of the argument firstName/lastName leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 7.0.34 is able to address this issue. The patch is named 9a77f508a2bf8cf661d588f37a4cc29ecaea4fc8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217055.
Joget Dx
CVE-2022-4560 Dec 16, 2022
Joget 7.0.31 XSS via wflow-core getInternalJsCssLib A vulnerability was found in Joget up to 7.0.31. It has been rated as problematic. This issue affects the function getInternalJsCssLib of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UniversalTheme.java of the component wflow-core. The manipulation of the argument key leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 7.0.32 is able to address this issue. The name of the patch is ecf8be8f6f0cb725c18536ddc726d42a11bdaa1b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215963.
Joget Dx
CVE-2022-26197 Mar 25, 2022
Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Datalist table.
Joget Dx
CVE-2019-14352 Jul 28, 2019
In Joget Workflow 6.0.20 In Joget Workflow 6.0.20, CSV Injection, also known as Formula Injection, exists, as demonstrated by jw/web/userview/crm_community/crm_userview_sales/_/account_new with the Account ID or Account Name field. NOTE: the vendor disputes the relevance of this finding because CSV is not the intended export format for spreadsheet applications
Worfklow
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.