2 matches found
CVE-2022-23068
CVE-2022-23068 affects ToolJet versions v0.6.0–v1.10.2. The issue is HTML injection in the invite-new-user flow: attacker-controlled first and last name fields can inject code that is reflected in the invitation email, due to insufficient input validation/filtering in those fields. Root cause cit...
CVE-2022-23068 ToolJet - HTML Injection in Invite New User
ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail...