Unrated severity · NVD Advisory · Published May 24, 2023 · Updated Jan 17, 2025
CVE-2022-42225
Description
Jumpserver versions 2.10.0 through 2.26.0 contain multiple stored XSS vulnerabilities caused by improper filtering of user input, which allow arbitrary JavaScript to execute with the admin's permissions.
Affected products
- (no CPE)
- (no CPE), range: >=2.10.0, <=2.26.0
References
- gist.github.com/bybit-sec/eb750c1d906c89e97092b29015472738 (mitre)
- github.com/jumpserver/lina/blob/v2.10.0/src/views/settings/SystemMessageSubscription/SelectDialog.vue (mitre)
- github.com/jumpserver/lina/blob/v2.11.0/src/layout/components/NavHeader/SiteMessages.vue (mitre)
- github.com/jumpserver/lina/blob/v2.26.0/src/views/tickets/components/Comments.vue (mitre)
- github.com/jumpserver/lina/pull/2264 (mitre)