CVE-2022-23068

Summary

ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail.

Affected Software

VendorProductVersion RangeStatus
ToolJetToolJet0.6.0 < unspecifiedaffected
ToolJetToolJetunspecified <= 1.10.2affected

Weaknesses

  • CWE-74: CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

ADP Enrichment

CVE Program Container

Additional References

References