CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A cross-site scripting XSS vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component...

5.4CVSS5.7AI score0.00377EPSS

Exploits1References1

RedhatCVE•added 2025/02/05 9:19 p.m.•4 views

CVE-2022-2631

Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0...

9.8CVSS6.8AI score0.00326EPSS

Exploits1References1

RedhatCVE•added 2025/02/05 9:18 p.m.•5 views

CVE-2022-2037

Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0...

9.8CVSS6.7AI score0.00332EPSS

Exploits1References1

NVD•added 2023/04/26 4:15 p.m.•15 views

CVE-2022-27978

Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request...

7.5CVSS7.4AI score0.00623EPSS

Exploits1References2

OSV•added 2023/04/26 4:15 p.m.•12 views

CVE-2022-27979

A cross-site scripting XSS vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component...

5.4CVSS5.9AI score

Exploits0References2

NVD•added 2023/04/26 4:15 p.m.•25 views

CVE-2022-27979

A cross-site scripting XSS vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component...

5.4CVSS5.3AI score0.00377EPSS

Exploits1References2

OSV•added 2023/04/26 4:15 p.m.•17 views

CVE-2022-27978

Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request...

7.5CVSS7AI score

Exploits0References2

Prion•added 2023/04/26 4:15 p.m.•14 views

Cross site scripting

A cross-site scripting XSS vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component...

4.9CVSS5.3AI score0.00377EPSS

Exploits1References2Affected Software1

Prion•added 2023/04/26 4:15 p.m.•16 views

Cross site request forgery (csrf)

Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request...

5CVSS7.3AI score0.00623EPSS

Exploits1References2Affected Software1

CNNVD•added 2023/04/26 12:0 a.m.•1 views

ToolJet 安全漏洞

ToolJet is an extensible low-code framework for building business applications from ToolJet. A security vulnerability exists in Tooljet version v1.6.0 that stems from not properly handling missing values in the API. An attacker can exploit the vulnerability to arbitrarily reset a password via a...

7.5CVSS7.9AI score0.00623EPSS

Exploits1References3

Positive Technologies•added 2023/04/26 12:0 a.m.•1 views

PT-2023-12928 · Tooljet · Tooljet

Name of the Vulnerable Software and Affected Versions: Tooljet version 1.6 Description: The issue arises from the improper handling of missing values in the API, allowing attackers to send a crafted HTTP request to arbitrarily reset passwords. Recommendations: For Tooljet version 1.6, consider...

7.5CVSS7.9AI score0.00623EPSS

Exploits1References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by