Vulnerability-Lookup

CVE-2022-50801 (GCVE-0-2022-50801)

Vulnerability from cvelistv5 – Published: 2025-12-30 22:41 – Updated: 2026-01-02 21:21

Title

JM-DATA ONU JF511-TV 1.0.67 Authenticated Stored Cross-Site Scripting (XSS) Vulnerability

Summary

JM-DATA ONU JF511-TV version 1.0.67 is vulnerable to authenticated stored cross-site scripting (XSS) attacks, allowing attackers with authenticated access to inject malicious scripts that will be executed in other users' browsers when they view the affected content.

Severity

5.1 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

VulnCheck

References

6 references

URL	Tags
https://www.zeroscience.mk/en/vulnerabilities/ZSL…	third-party-advisory
https://packetstormsecurity.com/files/167487/	exploit
https://cxsecurity.com/issue/WLB-2022060058	third-party-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entry
https://www.jm-data.com/	product
https://www.vulncheck.com/advisories/jm-data-onu-…	third-party-advisory

Impacted products

1 product

Vendor	Product	Version
JM-DATA ONU	JF511-TV	Affected: 1.0.67 Affected: 1.0.62 Affected: 1.0.55

Date Public

2022-06-14 00:00

Credits

Neurogenesia

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-50801",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-02T21:21:40.938189Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-02T21:21:47.667Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "JF511-TV",
          "vendor": "JM-DATA ONU",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.67"
            },
            {
              "status": "affected",
              "version": "1.0.62"
            },
            {
              "status": "affected",
              "version": "1.0.55"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Neurogenesia"
        }
      ],
      "datePublic": "2022-06-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "JM-DATA ONU JF511-TV version 1.0.67 is vulnerable to authenticated stored cross-site scripting (XSS) attacks, allowing attackers with authenticated access to inject malicious scripts that will be executed in other users\u0027 browsers when they view the affected content."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-30T22:41:41.205Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "Zero Science Lab Disclosure (ZSL-2022-5708)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5708.php"
        },
        {
          "name": "Packet Storm Security Exploit Entry",
          "tags": [
            "exploit"
          ],
          "url": "https://packetstormsecurity.com/files/167487/"
        },
        {
          "name": "CXSecurity Vulnerability Listing",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://cxsecurity.com/issue/WLB-2022060058"
        },
        {
          "name": "IBM X-Force Vulnerability Exchange Entry",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229343"
        },
        {
          "name": "JM-DATA Vendor Homepage",
          "tags": [
            "product"
          ],
          "url": "https://www.jm-data.com/"
        },
        {
          "name": "VulnCheck Advisory: JM-DATA ONU JF511-TV 1.0.67 Authenticated Stored Cross-Site Scripting (XSS) Vulnerability",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/jm-data-onu-jf-tv-authenticated-stored-cross-site-scripting-xss-vulnerability"
        }
      ],
      "title": "JM-DATA ONU JF511-TV 1.0.67 Authenticated Stored Cross-Site Scripting (XSS) Vulnerability",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2022-50801",
    "datePublished": "2025-12-30T22:41:41.205Z",
    "dateReserved": "2025-12-27T13:53:29.754Z",
    "dateUpdated": "2026-01-02T21:21:47.667Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-50801",
      "date": "2026-05-25",
      "epss": "0.00066",
      "percentile": "0.20324"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-50801\",\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"published\":\"2025-12-30T23:15:47.470\",\"lastModified\":\"2025-12-31T20:42:43.210\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"JM-DATA ONU JF511-TV version 1.0.67 is vulnerable to authenticated stored cross-site scripting (XSS) attacks, allowing attackers with authenticated access to inject malicious scripts that will be executed in other users\u0027 browsers when they view the affected content.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"references\":[{\"url\":\"https://cxsecurity.com/issue/WLB-2022060058\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/229343\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://packetstormsecurity.com/files/167487/\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.jm-data.com/\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.vulncheck.com/advisories/jm-data-onu-jf-tv-authenticated-stored-cross-site-scripting-xss-vulnerability\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5708.php\",\"source\":\"disclosure@vulncheck.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-50801\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-02T21:21:40.938189Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-02T21:21:44.043Z\"}}], \"cna\": {\"title\": \"JM-DATA ONU JF511-TV 1.0.67 Authenticated Stored Cross-Site Scripting (XSS) Vulnerability\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Neurogenesia\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 5.1, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"JM-DATA ONU\", \"product\": \"JF511-TV\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.67\"}, {\"status\": \"affected\", \"version\": \"1.0.62\"}, {\"status\": \"affected\", \"version\": \"1.0.55\"}]}], \"datePublic\": \"2022-06-14T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5708.php\", \"name\": \"Zero Science Lab Disclosure (ZSL-2022-5708)\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://packetstormsecurity.com/files/167487/\", \"name\": \"Packet Storm Security Exploit Entry\", \"tags\": [\"exploit\"]}, {\"url\": \"https://cxsecurity.com/issue/WLB-2022060058\", \"name\": \"CXSecurity Vulnerability Listing\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/229343\", \"name\": \"IBM X-Force Vulnerability Exchange Entry\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://www.jm-data.com/\", \"name\": \"JM-DATA Vendor Homepage\", \"tags\": [\"product\"]}, {\"url\": \"https://www.vulncheck.com/advisories/jm-data-onu-jf-tv-authenticated-stored-cross-site-scripting-xss-vulnerability\", \"name\": \"VulnCheck Advisory: JM-DATA ONU JF511-TV 1.0.67 Authenticated Stored Cross-Site Scripting (XSS) Vulnerability\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"vulncheck\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"JM-DATA ONU JF511-TV version 1.0.67 is vulnerable to authenticated stored cross-site scripting (XSS) attacks, allowing attackers with authenticated access to inject malicious scripts that will be executed in other users\u0027 browsers when they view the affected content.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"shortName\": \"VulnCheck\", \"dateUpdated\": \"2025-12-30T22:41:41.205Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-50801\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-02T21:21:47.667Z\", \"dateReserved\": \"2025-12-27T13:53:29.754Z\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"datePublished\": \"2025-12-30T22:41:41.205Z\", \"assignerShortName\": \"VulnCheck\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2022-50801

Vulnerability from fkie_nvd - Published: 2025-12-30 23:15 - Updated: 2026-04-15 00:35

Severity

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

References

	URL	Tags
	disclosure@vulncheck.com	https://cxsecurity.com/issue/WLB-2022060058
	disclosure@vulncheck.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/229343
	disclosure@vulncheck.com	https://packetstormsecurity.com/files/167487/
	disclosure@vulncheck.com	https://www.jm-data.com/
	disclosure@vulncheck.com	https://www.vulncheck.com/advisories/jm-data-onu-jf-tv-authenticated-stored-cross-site-scripting-xss-vulnerability
	disclosure@vulncheck.com	https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5708.php

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "JM-DATA ONU JF511-TV version 1.0.67 is vulnerable to authenticated stored cross-site scripting (XSS) attacks, allowing attackers with authenticated access to inject malicious scripts that will be executed in other users\u0027 browsers when they view the affected content."
    },
    {
      "lang": "es",
      "value": "JM-DATA ONU JF511-TV versi\u00f3n 1.0.67 es vulnerable a ataques de cross-site scripting (XSS) almacenado autenticado, lo que permite a los atacantes con acceso autenticado inyectar scripts maliciosos que se ejecutar\u00e1n en los navegadores de otros usuarios cuando visualicen el contenido afectado."
    }
  ],
  "id": "CVE-2022-50801",
  "lastModified": "2026-04-15T00:35:42.020",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "disclosure@vulncheck.com",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "LOW",
          "subIntegrityImpact": "LOW",
          "userInteraction": "PASSIVE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "disclosure@vulncheck.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-12-30T23:15:47.470",
  "references": [
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://cxsecurity.com/issue/WLB-2022060058"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229343"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://packetstormsecurity.com/files/167487/"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://www.jm-data.com/"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://www.vulncheck.com/advisories/jm-data-onu-jf-tv-authenticated-stored-cross-site-scripting-xss-vulnerability"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5708.php"
    }
  ],
  "sourceIdentifier": "disclosure@vulncheck.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "disclosure@vulncheck.com",
      "type": "Primary"
    }
  ]
}

GHSA-2V4H-C2W7-48PW

Vulnerability from github – Published: 2025-12-31 00:31 – Updated: 2025-12-31 00:31

Details

Severity

4.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

5.1 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-50801"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-30T23:15:47Z",
    "severity": "MODERATE"
  },
  "details": "JM-DATA ONU JF511-TV version 1.0.67 is vulnerable to authenticated stored cross-site scripting (XSS) attacks, allowing attackers with authenticated access to inject malicious scripts that will be executed in other users\u0027 browsers when they view the affected content.",
  "id": "GHSA-2v4h-c2w7-48pw",
  "modified": "2025-12-31T00:31:10Z",
  "published": "2025-12-31T00:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50801"
    },
    {
      "type": "WEB",
      "url": "https://cxsecurity.com/issue/WLB-2022060058"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229343"
    },
    {
      "type": "WEB",
      "url": "https://packetstormsecurity.com/files/167487"
    },
    {
      "type": "WEB",
      "url": "https://www.jm-data.com"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/jm-data-onu-jf-tv-authenticated-stored-cross-site-scripting-xss-vulnerability"
    },
    {
      "type": "WEB",
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5708.php"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-50801 (GCVE-0-2022-50801)

FKIE_CVE-2022-50801

GHSA-2V4H-C2W7-48PW

Tags

Sightings

Nomenclature