Mend Vulnerability Database
What is a CVE vulnerability ID? What is a WS vulnerability ID? What is an MSC vulnerability ID?New vulnerability? Tell us about it!
We found results for “”
Date: May 18, 2022
OverviewToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail.
DetailsThe application ToolJet is vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail.
PoC DetailsLog in to the application. Once you are logged in, hover over to the shortcut of your username in the top right and click on manage users. Now click on invite user. Turn on Intercept in Burp Suite (or any other web proxy). Fill in the details and intercept the request in Burp Suite. Once the request is intercepted, edit the first name with the payload (found in POC Code section) and forward the request.
As the victim, open the email and click on the link and you’ll see the html page with our payload.
Click <a href='http://evil.com'>here</a> to reset your password.<div style='display:none'>
Affected Environmentsv0.6.0 to v1.10.2
PreventionUpdate version to v1.11.0 or later
Good to know:
|Attack Vector (AV):||Network|
|Attack Complexity (AC):||Low|
|Privileges Required (PR):||Low|
|User Interaction (UI):||Required|
|Access Vector (AV):||Network|
|Access Complexity (AC):||Medium|