
5 matches found

NVD
added 2024/10/07 10:15 p.m. · 13 views

CVE-2024-47818

Saltcorn is an extensible, open source, no-code database application builder. A logged-in user with any role can delete arbitrary files on the filesystem by calling the sync/cleansyncdir endpoint. The dirname POST parameter is not validated/sanitized and is used to construct the syncDir that is...

CVSS 6.5 · EPSS 0.00205
Exploits 0 · References 3

NVD
added 2023/11/03 5:15 a.m. · 9 views

CVE-2023-41343

Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS Stored Cross-Site Scripting attack...

CVSS 5.4 · AI score 5.4 · EPSS 0.00052
Exploits 0 · References 1

Cvelist
added 2023/11/03 4:11 a.m. · 16 views

CVE-2023-41343 Ragic No-Code Database Builder - Stored XSS

Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS Stored Cross-Site Scripting attack...

CVSS 5.4 · AI score 5.5 · EPSS 0.00052
Exploits 0 · References 1

CVE
added 2023/11/03 4:11 a.m. · 52 views

CVE-2023-41343

The vulnerability corresponds to CVE-2023-41343 in Rogic No-Code Database Builder. The file-upload function permits insufficient filtering of special characters, enabling a Stored XSS attack via crafted uploads. A remote attacker with regular user privileges can inject JavaScript, with the impact...

CVSS 5.4 · AI score 5.3 · EPSS 0.00052
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2023/11/02 12:0 a.m. · 2 views

PT-2023-27916 · Rogic · Rogic No-Code Database Builder

Name of the Vulnerable Software and Affected Versions: Rogic No-Code Database Builder affected versions not specified

Description: The issue concerns the file uploading function in Rogic No-Code Database Builder, which has insufficient filtering for special characters. This allows a remote attack...

CVSS 5.4 · AI score 5.3 · EPSS 0.00052
Exploits 0 · References 4