Lucene search
+L

91 matches found

prion
prion
added 2022/05/18 2:15 p.m.16 views

Design/Logic Flaw

ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover . If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the referer header. Using thes...

6.8CVSS8.7AI score0.01251EPSS
Exploits1References2Affected Software1
prion
prion
added 2022/05/18 2:15 p.m.19 views

Input validation

ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail...

3.5CVSS5.6AI score0.00588EPSS
Exploits1References2Affected Software1
cve
cve
added 2022/05/18 11:45 a.m.69 views

CVE-2022-23068

CVE-2022-23068 affects ToolJet versions v0.6.0–v1.10.2. The issue is HTML injection in the invite-new-user flow: attacker-controlled first and last name fields can inject code that is reflected in the invitation email, due to insufficient input validation/filtering in those fields. Root cause cit...

5.4CVSS5.6AI score0.00588EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2022/05/18 11:45 a.m.32 views

CVE-2022-23068 ToolJet - HTML Injection in Invite New User

ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail...

5.4CVSS5.9AI score0.00588EPSS
Exploits1References2
osv
osv
added 2022/05/18 11:45 a.m.19 views

CVE-2022-23068 ToolJet - HTML Injection in Invite New User

ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail...

5.4CVSS6.2AI score0.00588EPSS
Exploits1References4
cve
cve
added 2022/05/18 11:45 a.m.74 views

CVE-2022-23067

The CVE-2022-23067 entry applies to ToolJet versions v0.5.0–v1.2.2, where a token leakage vulnerability via the Referer header can lead to account takeover. According to the provided sources, if a user opens an invite/signup link and then clicks external links, the password/signup token is expose...

8.8CVSS8.8AI score0.01251EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2022/05/18 11:45 a.m.36 views

CVE-2022-23067 ToolJet - Token Leakage via Referer Header

ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover . If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the referer header. Using thes...

8.8CVSS8.9AI score0.01251EPSS
Exploits1References2
osv
osv
added 2022/05/18 11:45 a.m.25 views

CVE-2022-23067 ToolJet - Token Leakage via Referer Header

ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover . If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the referer header. Using thes...

8.8CVSS7.2AI score0.01251EPSS
Exploits1References4
cnnvd
cnnvd
added 2022/05/18 12:0 a.m.6 views

ToolJet 跨站脚本漏洞

A code injection vulnerability exists in ToolJet v0.6.0 through v1.10.2, which stems from a lack of data validation filtering of user-supplied data and output in the first and last name fields of the invitation email. An attacker could exploit this vulnerability to inject malicious code when...

5.4CVSS5.7AI score0.00588EPSS
Exploits1References3
attackerkb
attackerkb
added 2022/05/17 10:46 a.m.7 views

CVE-2022-23068

ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail...

5.4CVSS5.9AI score0.00588EPSS
Exploits1References3Affected Software1
attackerkb
attackerkb
added 2022/05/17 10:46 a.m.10 views

CVE-2022-23067

ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover . If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the referer header. Using thes...

8.8CVSS5.8AI score0.01251EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder