CVE-2022-27979: XSS
First published: Wed Apr 26 2023(Updated: )
A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tooljet Tooljet | =1.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this XSS vulnerability in ToolJet v1.6.0?
The vulnerability ID for this XSS vulnerability in ToolJet v1.6.0 is CVE-2022-27979.
What is the severity of CVE-2022-27979?
The severity of CVE-2022-27979 is medium (5.4).
How does the XSS vulnerability in ToolJet v1.6.0 allow attackers to execute arbitrary web scripts or HTML?
The XSS vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Comment Body component.
Which software version is affected by this XSS vulnerability?
The ToolJet version 1.6.0 is affected by this XSS vulnerability.
Are there any references available for this XSS vulnerability in ToolJet v1.6.0?
Yes, you can find references for this XSS vulnerability in ToolJet v1.6.0 at http://tooljet.com and https://github.com/fourcube/security-advisories/blob/main/security-advisories/20220321-tooljet-xss.md.
- collector/nvd-index
- vendor/tooljet
- canonical/tooljet tooljet
- version/tooljet tooljet/1.6.0