
CVE-2022-23068

Date: May 18, 2022

Overview

ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection: an attacker can inject malicious code into the first name and last name fields when inviting a new user, and the injected markup is reflected in the invitation e-mail.

Details

The application ToolJet is vulnerable to HTML injection: an attacker can inject malicious code into the first name and last name fields when inviting a new user, and the injected markup is reflected in the invitation e-mail.

PoC Details

Log in to the application. Once logged in, hover over your username shortcut in the top right and click Manage Users, then click Invite User. Turn on Intercept in Burp Suite (or any other web proxy), fill in the details and intercept the request. Once the request is intercepted, replace the first name with the payload (given in the PoC Code section) and forward the request.
As the victim, open the e-mail and click the link; the resulting HTML page renders the injected payload.

PoC Code

 Click <a href='http://evil.com'>here</a> to reset your password.<div style='display:none'>

Affected Environments

v0.6.0 to v1.10.2

Prevention

Update version to v1.11.0 or later
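The defect and its remedy as an added JavaScript example (not ToolJet's own code): a vulnerable invitation-mail builder interpolates the first and last name straight into an HTML template, the fixed builder HTML-escapes every user-supplied value first, and a boundary check flags names that carry markup so the request can be rejected and logged. The function names, template text and invite URL are assumptions; the payload used in the test is the one from the PoC Code section.

```javascript
// Added example, not ToolJet code. Hypothetical mail builders and an input check
// for the HTML-injection pattern described in this advisory.

const ESCAPE_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five characters that let data break out of HTML text or attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPE_MAP[ch]);
}

// Vulnerable pattern: names land in the template verbatim, so markup in them renders
// in the recipient's mail client (assumed template text).
function buildInviteVulnerable({ firstName, lastName, inviteUrl }) {
  return `<p>Hi ${firstName} ${lastName},</p>` +
         `<p>You have been invited. <a href="${inviteUrl}">Accept invitation</a></p>`;
}

// Fixed pattern: every untrusted value is escaped as HTML before interpolation,
// so the same input is shown as literal text instead of being parsed as markup.
function buildInviteSafe({ firstName, lastName, inviteUrl }) {
  return `<p>Hi ${escapeHtml(firstName)} ${escapeHtml(lastName)},</p>` +
         `<p>You have been invited. <a href="${escapeHtml(inviteUrl)}">Accept invitation</a></p>`;
}

// Defence in depth: a name field has no business containing tags or entities.
// Reject such values at the API boundary and log the attempt.
const MARKUP_RE = /[<>]|&#|&[a-z]+;/i;
function containsMarkup(value) {
  return MARKUP_RE.test(String(value));
}

// Helper for checking the rendered mail: how many anchor tags does it contain?
function countAnchors(html) {
  return (html.match(/<a\s/gi) || []).length;
}
```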

Language: JS

Good to know:

Cross-Site Scripting (XSS): CWE-79
Injection: CWE-74

Upgrade Version

Upgrade to version v1.11.0


Base Score (CVSS v3 metrics):
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None

Base Score (CVSS v2 metrics):
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): Single
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Additional information: