Joget Dx Security Vulnerabilities in 2026

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Joget Dx.

By the Year

In 2026 there have been 0 vulnerabilities in Joget Dx. Joget Dx did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2026	0	0.00
2025	0	0.00
2024	0	0.00
2023	0	0.00
2022	3	5.87

It may take a day or so for new Joget Dx vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Joget Dx Security Vulnerabilities

XSS in Joget 7.0.33 User Profile Menu (before 7.0.34)
CVE-2022-4859 6.1 - Medium - December 30, 2022

A vulnerability, which was classified as problematic, has been found in Joget up to 7.0.33. This issue affects the function submitForm of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UserProfileMenu.java of the component User Profile Menu. The manipulation of the argument firstName/lastName leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 7.0.34 is able to address this issue. The patch is named 9a77f508a2bf8cf661d588f37a4cc29ecaea4fc8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217055.

XSS

Joget 7.0.31 XSS via wflow-core getInternalJsCssLib
CVE-2022-4560 6.1 - Medium - December 16, 2022

A vulnerability was found in Joget up to 7.0.31. It has been rated as problematic. This issue affects the function getInternalJsCssLib of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UniversalTheme.java of the component wflow-core. The manipulation of the argument key leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 7.0.32 is able to address this issue. The name of the patch is ecf8be8f6f0cb725c18536ddc726d42a11bdaa1b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215963.

XSS

Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability
CVE-2022-26197 5.4 - Medium - March 25, 2022

Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Datalist table.

XSS

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Joget Dx or by Joget? Click the Watch button to subscribe.

Joget
Vendor

Joget Dx
Product

Joget Dx

Don't miss out!

By the Year

Recent Joget Dx Security Vulnerabilities

XSS in Joget 7.0.33 User Profile Menu (before 7.0.34) CVE-2022-4859 6.1 - Medium - December 30, 2022

Joget 7.0.31 XSS via wflow-core getInternalJsCssLib CVE-2022-4560 6.1 - Medium - December 16, 2022

Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability CVE-2022-26197 5.4 - Medium - March 25, 2022