Lucene search
K

429 matches found

ptsecurity
ptsecurity
added 2025/03/06 12:0 a.m.1 views

PT-2025-9998

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 0.258.0 Description The issue concerns a Reflected Cross-Site-Scripting vulnerability in the password reset function of NocoDB. The API endpoint "/api/v1/db/auth/password/reset/:tokenId" is affected. This flaw is cause...

6.1CVSS5.9AI score0.00683EPSS
Exploits1References11
cnnvd
cnnvd
added 2025/03/06 12:0 a.m.12 views

NocoDB 跨站脚本漏洞

NocoDB is an open source Airtable alternative. Convert any MySql, PostgreSql, Sql Server, Sqlite and MariaDb to a smart spreadsheet. A cross-site scripting vulnerability exists in NocoDB versions prior to 0.258.0, which stems from the lack of effective filtering and escaping of user-supplied data...

6.1CVSS6.2AI score0.00683EPSS
Exploits1References5
redhatcve
redhatcve
added 2025/02/06 12:44 a.m.6 views

CVE-2022-3423

Allocation of Resources Without Limits or Throttling in GitHub repository nocodb/nocodb prior to 0.92.0...

7.3CVSS6.6AI score0.01787EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/02/05 9:24 p.m.6 views

CVE-2022-2063

Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+...

9CVSS6.7AI score0.01359EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/02/05 9:20 p.m.8 views

CVE-2022-2064

Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to 0.91.7+...

9.1CVSS6.7AI score0.01163EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/02/05 9:17 p.m.8 views

CVE-2022-2022

Cross-site Scripting XSS - Stored in GitHub repository nocodb/nocodb prior to 0.91.7...

9CVSS5.9AI score0.00772EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/02/05 9:14 p.m.6 views

CVE-2022-2079

Cross-site Scripting XSS - Stored in GitHub repository nocodb/nocodb prior to 0.91.7+...

7.3CVSS5.8AI score0.00678EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/02/05 9:13 p.m.5 views

CVE-2022-2062

Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to 0.91.7+...

9.1CVSS6.7AI score0.01418EPSS
Exploits1References1
nvd
nvd
added 2024/05/14 2:17 p.m.21 views

CVE-2023-50718

NocoDB is software for building databases as spreadsheets. Prior to version 0.202.10, an authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped tablename. This vulnerability may result in leakage of sensitive data in the database. Version 0.202....

6.5CVSS6.6AI score0.00696EPSS
Exploits1References1
nvd
nvd
added 2024/05/14 2:17 p.m.17 views

CVE-2023-50717

NocoDB is software for building databases as spreadsheets. Starting in verson 0.202.6 and prior to version 0.202.10, an attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading stored cross-site scripting attack...

5.7CVSS5.4AI score0.00574EPSS
Exploits1References1
nvd
nvd
added 2024/05/14 2:6 p.m.35 views

CVE-2023-49781

NocoDB is software for building databases as spreadsheets. Prior to 0.202.9, a stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are...

7.6CVSS6.7AI score0.00606EPSS
Exploits1References2
veracode
veracode
added 2024/05/14 9:47 a.m.14 views

Stored Cross-Site Scripting (XSS)

nocodb is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization when viewing uploaded HTML files, allowing malicious scripts to be executed when the file is opened in a browser...

5.7CVSS6AI score0.00574EPSS
Exploits1References2Affected Software1
veracode
veracode
added 2024/05/14 6:32 a.m.15 views

SQL Injection

nocodb is vulnerable to SQL Injection. The vulnerability is due improper sanitization of the tablename parameter within VitessClient.ts, which allows an authenticated attacker with the create access permission to execute arbitrary SQL by escaping the query with a ' character within the tablename...

6.5CVSS7.9AI score0.00696EPSS
Exploits1References3Affected Software1
cnnvd
cnnvd
added 2024/05/14 12:0 a.m.5 views

NocoDB Security Vulnerabilities

NocoDB is an open source Airtable replacement. Convert any MySql, PostgreSql, Sql Server, Sqlite and MariaDb into a smart spreadsheet. A security vulnerability exists in NocoDB versions prior to 0.202.10, which stems from the presence of SQL injection and could lead to the disclosure of sensitive...

6.5CVSS7.5AI score0.00696EPSS
Exploits1References3
cnnvd
cnnvd
added 2024/05/14 12:0 a.m.6 views

NocoDB Security Vulnerabilities

NocoDB is an open source Airtable replacement. Convert any MySql, PostgreSql, Sql Server, Sqlite and MariaDb into a smart spreadsheet. A security vulnerability exists in NocoDB versions prior to 0.202.9, which stems from the presence of a stored cross-site scripting vulnerability...

7.6CVSS6AI score0.00606EPSS
Exploits1References4
cnnvd
cnnvd
added 2024/05/14 12:0 a.m.5 views

NocoDB Code Issues Vulnerabilities

NocoDB is an open source Airtable replacement. Convert any MySql, PostgreSql, Sql Server, Sqlite and MariaDb into a smart spreadsheet. A security vulnerability exists in NocoDB versions 0.202.6 through prior to 0.202.10, which stems from the presence of a stored cross-site scripting vulnerability...

5.7CVSS6.2AI score0.00574EPSS
Exploits1References3
osv
osv
added 2024/05/13 7:59 p.m.20 views

GHSA-H6R4-XVW6-JC5H NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue

Summary A stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. Details The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are processed by the function replaceUrlsWithLink. This function...

7.3CVSS6.7AI score0.00606EPSS
Exploits1References4
github
github
added 2024/05/13 7:59 p.m.34 views

NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue

Summary A stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. Details The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are processed by the function replaceUrlsWithLink. This function...

7.6CVSS6.7AI score0.00606EPSS
Exploits1References4Affected Software1
osv
osv
added 2024/05/13 6:54 p.m.26 views

CVE-2023-49781 NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue

NocoDB is software for building databases as spreadsheets. Prior to 0.202.9, a stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are...

7.3CVSS6.7AI score0.00606EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2024/05/13 6:54 p.m.13 views

CVE-2023-49781 NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue

NocoDB is software for building databases as spreadsheets. Prior to 0.202.9, a stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are...

7.3CVSS5.8AI score0.00606EPSS
Exploits1References2
Rows per page
Query Builder