Cross-Site Scripting Vulnerability in ToolJet by FourCube
CVE-2022-27979

5.4 MEDIUM

Key Information:

Vendor: Tooljet

Status
Vendor
CVE Published: 26 April 2023

What is CVE-2022-27979?

A cross-site scripting vulnerability in ToolJet version 1.6.0 enables attackers to execute arbitrary web scripts or HTML through a maliciously crafted payload injected into the Comment Body component. This security flaw can potentially lead to unauthorized actions or data exposure for users interacting with affected elements of the application.

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
