5.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
21.6%
ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail.
github.com/ToolJet/ToolJet/commit/431dc961cdfe4d26343d1c1c951ced778fbddb58
www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23068