ToolJet - HTML Injection in Invite New User
CVE-2022-23068

5.4MEDIUM

Key Information:

Vendor: Tooljet
Status: Tooljet
Vendor: CVE Published:; 18 May 2022

What is CVE-2022-23068?

ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail.

Affected Version(s)

ToolJet 0.6.0

ToolJet <= 1.10.2

References

https://github.com/ToolJet/ToolJet/commit/431dc961cdfe4d2...

x_refsource_MISC

https://www.whitesourcesoftware.com/vulnerability-databas...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 18, 2022
Vulnerability Reserved
Jan 10, 2022

Credit

WhiteSource Vulnerability Research Team (WVR)

CVE-2022-23068 Data

JSON