ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail.
References
Link | Resource |
---|---|
https://github.com/ToolJet/ToolJet/commit/431dc961cdfe4d26343d1c1c951ced778fbddb58 | Patch Third Party Advisory |
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23068 | Exploit Third Party Advisory |
Configurations
History
27 Jun 2023, 19:00
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 |
26 May 2022, 17:11
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23068 - Exploit, Third Party Advisory | |
References | (CONFIRM) https://github.com/ToolJet/ToolJet/commit/431dc961cdfe4d26343d1c1c951ced778fbddb58 - Patch, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.4 |
CPE | cpe:2.3:a:tooljet:tooljet:*:*:*:*:*:*:*:* |
18 May 2022, 15:19
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-05-18 14:15
Updated : 2024-02-04 22:29
NVD link : CVE-2022-23068
Mitre link : CVE-2022-23068
CVE.ORG link : CVE-2022-23068
JSON object : View
Products Affected
tooljet
- tooljet