Akshay

2 exploits Active since May 2022
CVE-2022-23067 WRITEUP HIGH
ToolJet 0.5.0-1.2.2 - Token Leakage via Referer Header
ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via the Referer header, which leads to account takeover. If the user opens the invite link/signup link and then clicks on any external link within the page, the password set token/signup token is leaked in the Referer header. Using these tokens, the attacker can access the user’s account.
CVSS 8.8
CVE-2022-23068 WRITEUP MEDIUM
ToolJet 0.6.0-1.10.2 - HTML Injection via User Invitation Name Fields
ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection: an attacker can inject malicious code into the first name and last name fields while inviting a new user, and it is reflected in the invitation e-mail.
CVSS 5.4