429 matches found
PT-2025-9998
Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 0.258.0 Description The issue concerns a Reflected Cross-Site-Scripting vulnerability in the password reset function of NocoDB. The API endpoint "/api/v1/db/auth/password/reset/:tokenId" is affected. This flaw is cause...
NocoDB 跨站脚本漏洞
NocoDB is an open source Airtable alternative. Convert any MySql, PostgreSql, Sql Server, Sqlite and MariaDb to a smart spreadsheet. A cross-site scripting vulnerability exists in NocoDB versions prior to 0.258.0, which stems from the lack of effective filtering and escaping of user-supplied data...
CVE-2022-3423
Allocation of Resources Without Limits or Throttling in GitHub repository nocodb/nocodb prior to 0.92.0...
CVE-2022-2063
Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+...
CVE-2022-2064
Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to 0.91.7+...
CVE-2022-2022
Cross-site Scripting XSS - Stored in GitHub repository nocodb/nocodb prior to 0.91.7...
CVE-2022-2079
Cross-site Scripting XSS - Stored in GitHub repository nocodb/nocodb prior to 0.91.7+...
CVE-2022-2062
Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to 0.91.7+...
CVE-2023-50718
NocoDB is software for building databases as spreadsheets. Prior to version 0.202.10, an authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped tablename. This vulnerability may result in leakage of sensitive data in the database. Version 0.202....
CVE-2023-50717
NocoDB is software for building databases as spreadsheets. Starting in verson 0.202.6 and prior to version 0.202.10, an attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading stored cross-site scripting attack...
CVE-2023-49781
NocoDB is software for building databases as spreadsheets. Prior to 0.202.9, a stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are...
Stored Cross-Site Scripting (XSS)
nocodb is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization when viewing uploaded HTML files, allowing malicious scripts to be executed when the file is opened in a browser...
SQL Injection
nocodb is vulnerable to SQL Injection. The vulnerability is due improper sanitization of the tablename parameter within VitessClient.ts, which allows an authenticated attacker with the create access permission to execute arbitrary SQL by escaping the query with a ' character within the tablename...
NocoDB Security Vulnerabilities
NocoDB is an open source Airtable replacement. Convert any MySql, PostgreSql, Sql Server, Sqlite and MariaDb into a smart spreadsheet. A security vulnerability exists in NocoDB versions prior to 0.202.10, which stems from the presence of SQL injection and could lead to the disclosure of sensitive...
NocoDB Security Vulnerabilities
NocoDB is an open source Airtable replacement. Convert any MySql, PostgreSql, Sql Server, Sqlite and MariaDb into a smart spreadsheet. A security vulnerability exists in NocoDB versions prior to 0.202.9, which stems from the presence of a stored cross-site scripting vulnerability...
NocoDB Code Issues Vulnerabilities
NocoDB is an open source Airtable replacement. Convert any MySql, PostgreSql, Sql Server, Sqlite and MariaDb into a smart spreadsheet. A security vulnerability exists in NocoDB versions 0.202.6 through prior to 0.202.10, which stems from the presence of a stored cross-site scripting vulnerability...
GHSA-H6R4-XVW6-JC5H NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue
Summary A stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. Details The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are processed by the function replaceUrlsWithLink. This function...
NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue
Summary A stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. Details The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are processed by the function replaceUrlsWithLink. This function...
CVE-2023-49781 NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue
NocoDB is software for building databases as spreadsheets. Prior to 0.202.9, a stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are...
CVE-2023-49781 NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue
NocoDB is software for building databases as spreadsheets. Prior to 0.202.9, a stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are...