10 matches found
GHSA-P8WX-5F39-W3X4 NocoDB: SQL Injection via Column Title in Bulk GroupBy
Summary: An authenticated user with column-create permission can inject SQL into the bulk groupBy endpoint by setting a column's title to a SQL fragment. Details: The bulk groupBy path in group-by.ts builds three database-specific knex.raw aggregations that interpolate the request's columnname...
NocoDB: SQL Injection via Column Title in Bulk GroupBy
Summary: An authenticated user with column-create permission can inject SQL into the bulk groupBy endpoint by setting a column's title to a SQL fragment. Details: The bulk groupBy path in group-by.ts builds three database-specific knex.raw aggregations that interpolate the request's columnname...
EUVD-2022-3559
Malicious code in bioql PyPI...
SUSE CVE-2020-12245
Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip...
GHSA-CCMG-W4XM-P28V Grafana XSS in header column rename
Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip...
grafana: XSS via column.title or cellLinkTooltip
A flaw was found in grafana. An XSS is possible in table-panel via column.title or cellLinkTooltip...
grafana: XSS via column.title or cellLinkTooltip
A flaw was found in grafana. An XSS is possible in table-panel via column.title or cellLinkTooltip...
grafana: XSS via column.title or cellLinkTooltip
A flaw was found in grafana. An XSS is possible in table-panel via column.title or cellLinkTooltip...
CVE-2020-12245
A flaw was found in grafana. An XSS is possible in table-panel via column.title or cellLinkTooltip...
UBUNTU-CVE-2020-12245
Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip...