Input validation error in Tolgee - CVE-2023-41316
Published: September 7, 2023 / Updated: June 2, 2026
Tolgee
Detailed vulnerability description
The vulnerability allows a remote user to cause a denial of service.
The vulnerability exists due to improper input validation in the Org Name field used by InvitationEmailSender when generating invitation emails. A remote user can create an organization with a specially crafted name and send an invitation email to cause a denial of service.
User interaction is required because the victim must open the invitation email.
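The following sketch is an added example, not Tolgee's code and not the project's fix: it shows the two layers that keep an organization name from altering an invitation email, validation when the name is accepted and encoding when the email is rendered. It assumes the invitation has an HTML body and that the name also appears in the subject; the function names, the 100-character limit and the sample inputs are hypothetical.

```python
import html
import unicodedata

MAX_ORG_NAME_LEN = 100  # assumed limit; the advisory does not state one


class InvalidOrgName(ValueError):
    pass


def validate_org_name(raw: str) -> str:
    """Input-side check, applied when an organization is created or renamed."""
    # NFKC folds look-alike forms (e.g. fullwidth '<') into their plain form
    # so later checks and encoding see the characters a mail client will see.
    name = unicodedata.normalize("NFKC", raw).strip()
    if not name:
        raise InvalidOrgName("organization name is empty")
    if len(name) > MAX_ORG_NAME_LEN:
        raise InvalidOrgName("organization name is too long")
    # Reject control and format characters (Unicode categories C*): CR/LF
    # would break a Subject header, bidi overrides can disguise visible text.
    for ch in name:
        if unicodedata.category(ch).startswith("C"):
            raise InvalidOrgName(f"disallowed character U+{ord(ch):04X}")
    return name


def render_invitation(org_name: str, invite_url: str) -> tuple[str, str]:
    """Output-side encoding: returns (subject, html_body) for the invitation."""
    name = validate_org_name(org_name)  # re-check, stored data may predate the rule
    subject = f"Invitation to {name}"   # plain-text header, CR/LF already rejected
    body = (
        "<p>You have been invited to join "
        f"<b>{html.escape(name, quote=True)}</b>.</p>"
        f'<p><a href="{html.escape(invite_url, quote=True)}">Accept invitation</a></p>'
    )
    return subject, body


# Constructed sample inputs, not taken from the advisory.
SAMPLE_MARKUP_NAME = 'Acme <a href="https://example.invalid/">click here</a>'
SAMPLE_CRLF_NAME = "Acme\r\nBcc: someone@example.invalid"
```

Encoding at render time is the layer that matters for names already stored before validation was introduced; the input check alone does not cover them.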