CVE-2022-23068
on github
Published
Severity
CVSS v3:
5.4 MEDIUM
CVSS v2:
3.5 LOW
Description
ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:tooljet:tooljet:*:*:*:*:*:*:*:* | 0.6.0 (including) | 1.10.2 (including) | * |