RSS   Podatności dla 'Tooljet'   RSS

2022-06-09
 
CVE-2022-2037

NVD-CWE-Other
 

 
Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0.

 
2022-05-18
 
CVE-2022-23067

NVD-CWE-noinfo
 

 
ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover . If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the referer header. Using these tokens the attacker can access the user�??s account.

 
 
CVE-2022-23068

CWE-74
 

 
ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail.

 


Copyright 2024, cxsecurity.com

 

Back to Top