Vulnerabilities > Tooljet
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-26 | CVE-2022-27978 | Improper Handling of Exceptional Conditions vulnerability in Tooljet 1.6 Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request. | 7.5 |
| 2023-04-26 | CVE-2022-27979 | Cross-site Scripting vulnerability in Tooljet 1.6.0 A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component. | 5.4 |
| 2022-11-22 | CVE-2022-4111 | Improper Validation of Specified Quantity in Input vulnerability in Tooljet Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged in attacker to upload profile pictures over 2MB. | 6.5 |
| 2022-10-07 | CVE-2022-3422 | Improper Privilege Management vulnerability in Tooljet Account Takeover :: when see the info i can see the hash pass i can creaked it ............... | 7.5 |
| 2022-09-28 | CVE-2022-3348 | Information Exposure vulnerability in Tooljet Just like in the previous report, an attacker could steal the account of different users. | 4.9 |
| 2022-06-09 | CVE-2022-2037 | Unspecified vulnerability in Tooljet Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0. network tooljet | 6.0 |
| 2022-05-18 | CVE-2022-23067 | Information Exposure vulnerability in Tooljet ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover . | 6.8 |
| 2022-05-18 | CVE-2022-23068 | Cross-site Scripting vulnerability in Tooljet ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail. | 5.4 |