Home > Vulnerability Database > CVE-2022-23068

Mend.io Vulnerability Database

CVE-2022-23068

Date: May 18, 2022

Overview

ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail.

Details

The application ToolJet is vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail.

PoC Details

Log in to the application. Once you are logged in, hover over to the shortcut of your username in the top right and click on manage users. Now click on invite user. Turn on Intercept in Burp Suite (or any other web proxy). Fill in the details and intercept the request in Burp Suite. Once the request is intercepted, edit the first name with the payload (found in POC Code section) and forward the request.
As the victim, open the email and click on the link and you’ll see the html page with our payload.

PoC Code

 Click <a href='http://evil.com'>here</a> to reset your password.<div style='display:none'>

Affected Environments

v0.6.0 to v1.10.2

Prevention

Update version to v1.11.0 or later

Language: JS

Good to know:

5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-74

Upgrade Version

No fix version available

CVSS v3.1
CVSS v2

Base Score:	5.4
Attack Vector (AV):	Network
Attack Complexity (AC):	Low
Privileges Required (PR):	Low
User Interaction (UI):	Required
Scope (S):	Changed
Confidentiality (C):	Low
Integrity (I):	Low
Availability (A):	None

Base Score:	3.5
Access Vector (AV):	Network
Access Complexity (AC):	Medium
Authentication (AU):	Single
Confidentiality (C):	None
Integrity (I):	Partial
Availability (A):	None
Additional information: