VYPR
Unrated severityNVD Advisory· Published May 18, 2022· Updated Sep 17, 2024

ToolJet - HTML Injection in Invite New User

CVE-2022-23068

Description

ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • ToolJet/ToolJetllm-fuzzy2 versions
    >=0.6.0 and <=1.10.2+ 1 more
    • (no CPE)range: >=0.6.0 and <=1.10.2
    • (no CPE)range: 0.6.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.