Security advisories, writeups and articles Security Advisories CVE Title Date CVE-2022-27978 Unauthorized password manipulation in ToolJet Server 2022/03/20 CVE-2022-27979 Persistent XSS in ToolJet Server 2022/03/20
Tooljet v1.6 does not properly handle missing values in the API, allowing malicious users to arbitrarily reset passwords via a crafted HTTP request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tooljet tooljet 1.6 |