First published: Wed Apr 26 2023
A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Tooljet Tooljet | =1.6.0 | |
The vulnerability ID for this XSS vulnerability in ToolJet v1.6.0 is CVE-2022-27979.
The severity of CVE-2022-27979 is medium (5.4).
The XSS vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Comment Body component.
ToolJet version 1.6.0 is affected by this XSS vulnerability.
References for this XSS vulnerability in ToolJet v1.6.0 are available at http://tooljet.com and https://github.com/fourcube/security-advisories/blob/main/security-advisories/20220321-tooljet-xss.md.