fourcube/security-advisories

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-27978 ↗	Apr 26, 2023Wednesday, 26 April 2023, 16:15	7.5 HIGH	—
Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request.
CVE-2022-27979 ↗	Apr 26, 2023Wednesday, 26 April 2023, 16:15	5.4 MEDIUM	—
A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component.