429 matches found
NocoDB 代码问题漏洞
NocoDB is an open source Airtable replacement. Convert any MySql, PostgreSql, Sql Server, Sqlite and MariaDb into a smart spreadsheet. A code issue vulnerability exists in NocoDB versions prior to 0.91.7+. An attacker could exploit this vulnerability to obtain sensitive information...
CVE-2022-2062 Generation of Error Message Containing Sensitive Information in nocodb/nocodb
Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to 0.91.7+...
NocoDB 代码问题漏洞
NocoDB is an open source Airtable replacement. Convert any MySql, PostgreSql, Sql Server, Sqlite and MariaDb into a smart spreadsheet. A security vulnerability exists in NocoDB versions prior to 0.91.7+ that stems from insufficient session expiration...
CVE-2022-2062 Generation of Error Message Containing Sensitive Information in nocodb/nocodb
Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to 0.91.7+...
CVE-2022-2062
CVE-2022-2062 affects nocodb/nocodb prior to 0.91.7+. The issue is with generation of error messages that disclose sensitive information and with the SMTP plugin lacking verification/validation, enabling potential exposure of internal data. Multiple connected sources corroborate the vulnerability...
Stored Cross-Site Scripting
Description A stored cross-site scripting vulnerability exists within the Gallery View comments functionality. Replication Steps and PoC Preconditions PC1. A project exists. PC2. A table with a sheet containing data exists in the project. PC3. A gallery view exists. PC4. A user with the editor ro...
CVE-2022-2022
Cross-site Scripting XSS - Stored in GitHub repository nocodb/nocodb prior to 0.91.7...
Cross site scripting
Cross-site Scripting XSS - Stored in GitHub repository nocodb/nocodb prior to 0.91.7...
CVE-2022-2022 Cross-site Scripting (XSS) - Stored in nocodb/nocodb
Cross-site Scripting XSS - Stored in GitHub repository nocodb/nocodb prior to 0.91.7...
CVE-2022-2022 Cross-site Scripting (XSS) - Stored in nocodb/nocodb
Cross-site Scripting XSS - Stored in GitHub repository nocodb/nocodb prior to 0.91.7...
CVE-2022-2022
CVE-2022-2022 is a stored XSS vulnerability in NocoDB (nocodb/nocodb) prior to 0.91.7. Affected component is the web app input handling (e.g., Project Title) that can inject scripts into pages, enabling context with user interaction. Public documents indicate an XSS risk has been demonstrated in ...
NocoDB 跨站脚本漏洞
NocoDB is an open source Airtable replacement. Convert any MySql, PostgreSql, Sql Server, Sqlite and MariaDb into a smart spreadsheet. A security vulnerability exists in NocoDB version 0.91.7, which stems from the presence of a cross-site scripting issue...
Account takeover due to stored XSS in "Project Title"
Description The Project "Title" of the NocoDB application is vulnerable to stored xss which can leads to admin account takeover. Proof of Concept Login with low privileged users and Click on "New Project" then click on "Create" Now write the payload and again click on "Create" Then login from sup...
Information Disclosure
nocodb is vulnerable to information disclosure.The library does not properly sanitize the error message of the password rest when requesting a password reset for a given email address, allowing an attacker to enumerate the registered users email addresses...
CSV Injection
nocodb is vulnerable to CSV injection attacks. The vulnerability exists due to lack of sanitization in table rows which allows attackers to inject payload and execute in endpoint when administer opens the CSV file...
CVE-2022-22120
In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the...
CVE-2022-22121
In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability Formula Injection. A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens...
Input validation
In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability Formula Injection. A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens...
Design/Logic Flaw
In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the...
CVE-2022-22121
CVE-2022-22121 (NocoDB) affects versions 0.81.0–0.83.8. A low-privileged attacker can create a table and inject payloads into table rows; when an administrator exports data to CSV via the User Management endpoint and opens the file, the payload may execute. Root cause stated as lack of sanitizati...