tooljet 漏洞与 CVE 列表(10)

产品(CPE): — CVE 数: 10

tooljet 漏洞概览

汇总 tooljet 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。

常见弱点模式包括 跨站脚本、路径处理缺陷与输入验证问题,在 软件部署与生产负载 使用场景中可能带来 文件覆盖、会话劫持与异常行为 等风险。

相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。

漏洞分布趋势(近 24 个月)

显示 11010 CVE 数
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2022-27979 A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component. [email protected] 5.4 0.48% 2023-04-26 2026-06-17
CVE-2022-27978 Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request. [email protected] 7.5 1.06% 2023-04-26 2026-06-17
CVE-2022-4111 Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged in attacker to upload profile pictures over 2MB. [email protected] 6.5 0.75% 2022-11-21 2026-06-17
CVE-2022-3422 Account Takeover :: when see the info i can see the hash pass i can creaked it ............... Account Takeover :: when see the info i can see the forgot_password_token the hacker can send the request and changed the pass [email protected] 7.5 0.78% 2022-10-07 2026-06-17
CVE-2022-3348 Just like in the previous report, an attacker could steal the account of different users. But in this case, it's a little bit more specific, because it is needed to be an editor in the same app as the victim. [email protected] 4.9 0.82% 2022-09-28 2026-06-17
CVE-2022-3019 The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one). [email protected] 8.8 0.68% 2022-08-29 2026-06-17
CVE-2022-2631 Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0. [email protected] 8.8 0.94% 2022-08-02 2026-06-17
CVE-2022-2037 Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0. [email protected] 8.0 1.06% 2022-06-09 2026-06-17
CVE-2022-23068 ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail. [email protected] 5.4 0.58% 2022-05-18 2026-06-17
CVE-2022-23067 ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover . If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the referer header. Using these tokens the attacker can access the user’s account. [email protected] 8.8 1.22% 2022-05-18 2026-06-17
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
cvelogic Threat Intelligence