Lucene search
K

84 matches found

Cvelist
Cvelist
added 2022/05/18 11:45 a.m.32 views

CVE-2022-23067 ToolJet - Token Leakage via Referer Header

ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover . If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the referer header. Using thes...

8.8CVSS8.9AI score0.01224EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/05/18 12:0 a.m.5 views

ToolJet 跨站脚本漏洞

A code injection vulnerability exists in ToolJet v0.6.0 through v1.10.2, which stems from a lack of data validation filtering of user-supplied data and output in the first and last name fields of the invitation email. An attacker could exploit this vulnerability to inject malicious code when...

5.4CVSS5.7AI score0.00576EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/05/17 10:46 a.m.7 views

CVE-2022-23068

ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail...

5.4CVSS5.9AI score0.00576EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/05/17 10:46 a.m.10 views

CVE-2022-23067

ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover . If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the referer header. Using thes...

8.8CVSS5.8AI score0.01224EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder