CVE-2022-23068 — MEDIUM (5.4)

Q: How severe is CVE-2022-23068?

CVE-2022-23068 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-23068?

Check the references section above for vendor advisories and patch information. Affected products include: Tooljet Tooljet.

Vulnerability Description

ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Tooljet	Tooljet	>= 0.6.0, <= 1.10.2

Related Weaknesses (CWE)

CWE-74 CWE-79

References

https://github.com/ToolJet/ToolJet/commit/431dc961cdfe4d26343d1c1c951ced778fbddbPatchThird Party Advisory
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23068ExploitThird Party Advisory
https://github.com/ToolJet/ToolJet/commit/431dc961cdfe4d26343d1c1c951ced778fbddbPatchThird Party Advisory
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23068ExploitThird Party Advisory

FAQ

What is CVE-2022-23068?

CVE-2022-23068 is a vulnerability with a CVSS score of 5.4 (MEDIUM). ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflec...

How severe is CVE-2022-23068?

CVE-2022-23068 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-23068?

Check the references section above for vendor advisories and patch information. Affected products include: Tooljet Tooljet.