A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a craft

Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted H

Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged in attacker to upload profile pictures

Account Takeover :: when see the info i can see the hash pass i can creaked it ............... Account Takeover :: when see the in

Just like in the previous report, an attacker could steal the account of different users. But in this case, it's a little bit more

The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see

Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0.

Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0.

ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first n

ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover . If the user