CVE-2022-23068 MEDIUM

CVE-2022-23068: ToolJet - HTML Injection in Invite New User

Vendor: Tooljet
Product: ToolJet
Weakness: CWE-74
Published: May 18, 2022
Last update: September 17, 2024

CVSS base score

5.4/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: Required
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection: an attacker can inject malicious code into the first name and last name fields while inviting a new user, and the injected code is reflected in the invitation e-mail.
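The pattern behind this class of flaw and its fix, as an added example (not ToolJet's code; the function names, the e-mail template and the sample values are assumptions constructed for illustration). It contrasts unescaped interpolation of the name fields with output encoding plus input validation:

```javascript
// Added example, not ToolJet's implementation. All names here are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change HTML structure.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: user-controlled names are placed into the HTML body as-is,
// so any markup typed into the invite form is rendered by the recipient's mail client.
function renderInviteUnsafe({ firstName, lastName, inviteUrl }) {
  return `<p>Hi ${firstName} ${lastName},</p>` +
         `<p><a href="${inviteUrl}">Accept your invitation</a></p>`;
}

// Hardened pattern: every interpolated field is encoded at the point of output,
// including values placed inside attributes.
function renderInviteSafe({ firstName, lastName, inviteUrl }) {
  return `<p>Hi ${escapeHtml(firstName)} ${escapeHtml(lastName)},</p>` +
         `<p><a href="${escapeHtml(inviteUrl)}">Accept your invitation</a></p>`;
}

// Defence in depth at the API boundary: reject names carrying angle brackets or
// control characters, while still allowing apostrophes, hyphens and non-ASCII letters.
function isPlausibleName(value) {
  return typeof value === 'string' && /^[^<>\u0000-\u001f]{1,64}$/u.test(value);
}

// Constructed sample input (benign markup standing in for injected content).
const SAMPLE_INVITE = {
  firstName: '<h1>Notice</h1>',
  lastName: "O'Brien",
  inviteUrl: 'https://tooljet.example/invitations/TOKEN_PLACEHOLDER',
};
```

Output encoding is the primary control; the input check only narrows what reaches the template and should not replace it.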

Key dates

02 Disclosure timeline

May 18, 2022: CVE published
September 17, 2024: Record updated