Lucene search
K

427 matches found

OSV
OSV
added 2024/05/13 4:46 p.m.31 views

GHSA-QG73-G3CF-VHHH NocoDB Allows Preview of Files with Dangerous Content

Summary --- Attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading Stored XSSCross-Site Script attack. PoC --- NocoDB was configured using the Release Binary Noco-macos-arm64, and nocodb version 0.202.9 currentl...

5.7CVSS5.6AI score0.00574EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2024/05/13 4:46 p.m.30 views

NocoDB Allows Preview of Files with Dangerous Content

Summary --- Attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading Stored XSSCross-Site Script attack. PoC --- NocoDB was configured using the Release Binary Noco-macos-arm64, and nocodb version 0.202.9 currentl...

5.7CVSS5.6AI score0.00574EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2024/05/13 4:8 p.m.24 views

CVE-2023-50718 NocoDB SQL Injection vulnerability

NocoDB is software for building databases as spreadsheets. Prior to version 0.202.10, an authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped tablename. This vulnerability may result in leakage of sensitive data in the database. Version 0.202....

6.5CVSS6.9AI score0.00696EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/05/13 4:8 p.m.15 views

CVE-2023-50718 NocoDB SQL Injection vulnerability

NocoDB is software for building databases as spreadsheets. Prior to version 0.202.10, an authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped tablename. This vulnerability may result in leakage of sensitive data in the database. Version 0.202....

6.5CVSS7.5AI score0.00696EPSS
Exploits1References1
CVE
CVE
added 2024/05/13 4:8 p.m.73 views

CVE-2023-50718

CVE-2023-50718 (NocoDB) SQL injection vulnerability exists prior to version 0.202.10 where an authenticated user with create access can exploit an unescaped table_name via VitessClient.ts to leak data from a MySQL database. Affected impact is data disclosure; no integrity/availability impact repo...

6.5CVSS6.6AI score0.00696EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/05/13 4:5 p.m.21 views

CVE-2023-50717 NocoDB Allows Preview of File with Dangerous Content

NocoDB is software for building databases as spreadsheets. Starting in verson 0.202.6 and prior to version 0.202.10, an attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading stored cross-site scripting attack...

5.7CVSS5.6AI score0.00574EPSS
Exploits1References1
CVE
CVE
added 2024/05/13 4:5 p.m.70 views

CVE-2023-50717

CVE-2023-50717 affects NocoDB. Versions 0.202.6 through

5.7CVSS6AI score0.00574EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/13 4:5 p.m.9 views

CVE-2023-50717 NocoDB Allows Preview of File with Dangerous Content

NocoDB is software for building databases as spreadsheets. Starting in verson 0.202.6 and prior to version 0.202.10, an attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading stored cross-site scripting attack...

5.7CVSS6.1AI score0.00574EPSS
Exploits1References1
OSV
OSV
added 2024/05/13 4:5 p.m.5 views

CVE-2023-50717 NocoDB Allows Preview of File with Dangerous Content

NocoDB is software for building databases as spreadsheets. Starting in verson 0.202.6 and prior to version 0.202.10, an attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading stored cross-site scripting attack...

5.7CVSS5.6AI score0.00574EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/05/13 12:0 a.m.6 views

PT-2024-13958 · Nocodb · Nocodb

Name of the Vulnerable Software and Affected Versions: NocoDB versions prior to 0.202.10 Description: The issue allows an authenticated attacker with create access to conduct a SQL Injection attack on MySQL DB using an unescaped table name. This may result in leakage of sensitive data in the...

6.5CVSS8.1AI score0.00696EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/05/13 12:0 a.m.6 views

PT-2024-13799 · Nocodb · Nocodb

Name of the Vulnerable Software and Affected Versions: NocoDB versions prior to 0.202.9 Description: A stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of ur...

7.3CVSS5.9AI score0.00606EPSS
Exploits1References8
BDU FSTEC
BDU FSTEC
added 2023/10/30 12:0 a.m.9 views

The vulnerability of the fileRead() function in the NocoDB database creation platform allows a attacker to gain unauthorized access to protected information.

The vulnerability of the fileRead function in the NocoDB database creation platform is related to an incorrect limitation on the path name for the restricted access directory. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

7.8CVSS7.2AI score0.08875EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2023/10/19 9:39 a.m.53 views

SQL Injection

Nocodb is vulnerable to SQL Injection. The vulnerability is due to improper sanitation or parameterization of sql queries in the triggerList function in the SqliteClient.ts file. This can potentially lead to Information Disclosure...

6.5CVSS7.4AI score0.00791EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2023/10/17 9:15 p.m.17 views

CVE-2023-43794

Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to the given an attacker can inject arbitrary SQL...

6.5CVSS6.6AI score0.00791EPSS
Exploits1References1
Prion
Prion
added 2023/10/17 9:15 p.m.12 views

Sql injection

Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to the given an attacker can inject arbitrary SQL...

3.3CVSS5.3AI score0.00791EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/10/17 8:2 p.m.23 views

CVE-2023-43794 SQL Injection in nocodb

Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to the given an attacker can inject arbitrary SQL...

6.5CVSS6.8AI score0.00791EPSS
Exploits1References1
OSV
OSV
added 2023/10/17 8:2 p.m.14 views

CVE-2023-43794 SQL Injection in nocodb

Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to the given an attacker can inject arbitrary SQL...

6.5CVSS6AI score0.00791EPSS
Exploits1References3
CVE
CVE
added 2023/10/17 8:2 p.m.82 views

CVE-2023-43794

CVE-2023-43794 describes a SQL injection in nocodb. The vulnerability affects nocodb where an authenticated attacker with creator access can exploit a blind SQL injection via the SQLite client path (notably in the triggerList flow related to sqlite_master) to reveal data from the database. Affect...

6.5CVSS5.9AI score0.00791EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/17 8:2 p.m.10 views

CVE-2023-43794 SQL Injection in nocodb

Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to the given an attacker can inject arbitrary SQL...

6.5CVSS6.6AI score0.00791EPSS
Exploits1References1
OSV
OSV
added 2023/10/17 1:52 p.m.31 views

GHSA-3M5Q-Q39V-XF8F nocodb SQL Injection vulnerability

Summary Nocodb contains SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database. Product nocodb/nocodb Tested Version 0.109.2 Details SQL injection in SqliteClient.ts GHSL-2023-141 By supplying a specially crafted payload to the give...

6.5CVSS6AI score0.00791EPSS
Exploits1References6
Rows per page
Query Builder