A code injection vulnerability exists in ToolJet v0.6.0 through v1.10.2. It stems from a lack of validation and filtering of user-supplied data, and of the resulting output, in the first and last name fields of the invitation email. An attacker could exploit this vulnerability to inject malicious code when inviting new users.
CPE | Name | Operator | Version
---|---|---|---
ToolJet | ToolJet >=v0.6.0,<=v | eq | 1.10.2
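
A defensive sketch of the two missing controls named in the description, input validation on the name fields and output encoding in the invitation email. This is an added example, not ToolJet's own code. It assumes the email body is HTML; all function names, the name-format rule and the sample values are hypothetical and constructed for illustration.

```javascript
// Added example with hypothetical names; not taken from the ToolJet code base.
// Assumption: the invitation email body is rendered as HTML.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Output control: encode the characters that can change HTML structure.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input control (assumed rule): starts with a letter, then letters, marks,
// spaces, dots, apostrophes or hyphens, 50 characters at most.
const NAME_RE = /^[\p{L}\p{M}][\p{L}\p{M} .'-]{0,49}$/u;
function isValidName(value) {
  return typeof value === 'string' && NAME_RE.test(value.trim());
}

// "Before": user-supplied names are interpolated straight into the markup.
function renderInviteUnsafe({ firstName, lastName, inviteUrl }) {
  return `<p>Hi ${firstName} ${lastName},</p><p><a href="${inviteUrl}">Accept invitation</a></p>`;
}

// "After": every dynamic value is encoded at output time, even if it passed validation.
function renderInviteSafe({ firstName, lastName, inviteUrl }) {
  return `<p>Hi ${escapeHtml(firstName)} ${escapeHtml(lastName)},</p>` +
    `<p><a href="${escapeHtml(inviteUrl)}">Accept invitation</a></p>`;
}

// Constructed sample input: markup in the first name, a legitimate apostrophe in the last.
const sample = {
  firstName: '<h1>injected heading</h1>',
  lastName: "O'Brien",
  inviteUrl: 'https://tooljet.example.test/invitations/PLACEHOLDER_TOKEN',
};

function demo() {
  return {
    firstNameAccepted: isValidName(sample.firstName),
    lastNameAccepted: isValidName(sample.lastName),
    unsafeHasInjectedTag: renderInviteUnsafe(sample).includes('<h1>'),
    safeHasInjectedTag: renderInviteSafe(sample).includes('<h1>'),
    safeBody: renderInviteSafe(sample),
  };
}

console.log(demo());
```

Validation rejects the markup at the API boundary, while encoding keeps names that legitimately contain characters such as an apostrophe from altering the email's structure.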