CVE-2022-23068

ToolJet/ToolJet

on github

Published

May 18, 2022

Severity

CVSS v3:

5.4 MEDIUM

CVSS v2:

3.5 LOW

Description

ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail.

References

https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23068
https://github.com/ToolJet/ToolJet/commit/431dc961cdfe4d26343d1c1c951ced778fbddb58

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:tooljet:tooljet::::::::	0.6.0 (including)	1.10.2 (including)	*

External Links

NVD - CVE-2022-23068