Chris Grieger

CVE-2022-27978 WRITEUP HIGH WRITEUP

Tooljet - Improper Exception Handling

Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request.

CVSS 7.5

View Code

CVE-2022-27979 WRITEUP MEDIUM WRITEUP

Tooljet - XSS

A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component.

CVSS 5.4

View Code