Lucene search
China National Vulnerability DatabaseCNVD-2022-68520HistoryMay 20, 2022 - 12:00 a.m.
ToolJet Code Injection Vulnerability
2022-05-2000:00:00
China National Vulnerability Database
www.cnvd.org.cn
10
0.001 Low
EPSS
Percentile
21.6%
A code injection vulnerability exists in ToolJet v0.6.0 through v1.10.2, which stems from a lack of data validation filtering of user-supplied data and output in the first and last name fields of the invitation email. An attacker could exploit this vulnerability to inject malicious code when inviting new users.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ToolJet ToolJet >=v0.6.0,<=v | eq | 1.10.2 |
Related
cve
cve
CVE-2022-23068
2022-05-18 14:15:08
nvd
nvd
CVE-2022-23068
2022-05-18 14:15:08
osv
osv
CVE-2022-23068
2022-05-18 14:15:08
prion
prion
Input validation
2022-05-18 14:15:00
cvelist
cvelist
CVE-2022-23068 ToolJet - HTML Injection in Invite New User
2022-05-17 00:00:00