CVE-2022-50801 MEDIUM

CVE-2022-50801: JM-DATA ONU JF511-TV 1.0.67 Authenticated Stored Cross-Site Scripting (XSS) Vulnerability

Vendor Jm-Data Onu

Product JF511-TV

Weakness CWE-79 · XSS

Published December 30, 2025

Last update January 2, 2026

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

JM-DATA ONU JF511-TV version 1.0.67 is vulnerable to authenticated stored cross-site scripting (XSS) attacks, allowing attackers with authenticated access to inject malicious scripts that will be executed in other users' browsers when they view the affected content.

Key dates

02Disclosure timeline

December 30, 2025 CVE published

January 2, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-50801

Related vulnerabilities

04Related CVE

CVE-2023-27489 Stored cross site scripting via SVG file upload in Kiwi TCMS CVE-2024-32468 Improper neutralization of input during web page generation ("Cross-site Scripting") in deno_doc HTML generator CVE-2025-57887 WordPress Jobmonster Theme <= 4.8.0 - Cross Site Scripting (XSS) Vulnerability CVE-2025-40901 HTML injection in Credentials Manager in Guardian/CMC before 26.1.0 CVE-2024-52347 WordPress Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera plugin <= 4.0 - Cross Site Scripting (XSS) vulnerability

Identifiers

CVE CVE-2022-50801

CWE CWE-79

CVSS 5.1 / MEDIUM

Affected versions

Vendor Jm-Data Onu

Product JF511-TV

Affected 1.0.67

Vendor Jm-Data Onu

Product JF511-TV

Affected 1.0.62

Vendor Jm-Data Onu

Product JF511-TV

Affected 1.0.55