Lucene search
K

429 matches found

CNNVD
CNNVD
added 2022/06/13 12:0 a.m.4 views

NocoDB 代码问题漏洞

NocoDB is an open source Airtable replacement. Convert any MySql, PostgreSql, Sql Server, Sqlite and MariaDb into a smart spreadsheet. A code issue vulnerability exists in NocoDB versions prior to 0.91.7+. An attacker could exploit this vulnerability to obtain sensitive information...

9.1CVSS8.2AI score0.01418EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/06/13 12:0 a.m.17 views

CVE-2022-2062 Generation of Error Message Containing Sensitive Information in nocodb/nocodb

Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to 0.91.7+...

9.1CVSS7.7AI score0.01418EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/06/13 12:0 a.m.3 views

NocoDB 代码问题漏洞

NocoDB is an open source Airtable replacement. Convert any MySql, PostgreSql, Sql Server, Sqlite and MariaDb into a smart spreadsheet. A security vulnerability exists in NocoDB versions prior to 0.91.7+ that stems from insufficient session expiration...

9.1CVSS8.2AI score0.01163EPSS
Exploits1References4
OSV
OSV
added 2022/06/13 12:0 a.m.17 views

CVE-2022-2062 Generation of Error Message Containing Sensitive Information in nocodb/nocodb

Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to 0.91.7+...

9.1CVSS8.6AI score0.01418EPSS
Exploits1References4
CVE
CVE
added 2022/06/13 12:0 a.m.52 views

CVE-2022-2062

CVE-2022-2062 affects nocodb/nocodb prior to 0.91.7+. The issue is with generation of error messages that disclose sensitive information and with the SMTP plugin lacking verification/validation, enabling potential exposure of internal data. Multiple connected sources corroborate the vulnerability...

9.1CVSS7.6AI score0.01418EPSS
Exploits1References2Affected Software1
Huntr
Huntr
added 2022/06/11 5:36 p.m.19 views

Stored Cross-Site Scripting

Description A stored cross-site scripting vulnerability exists within the Gallery View comments functionality. Replication Steps and PoC Preconditions PC1. A project exists. PC2. A table with a sheet containing data exists in the project. PC3. A gallery view exists. PC4. A user with the editor ro...

3.5CVSS1.2AI score0.00678EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/06/07 8:15 p.m.7 views

CVE-2022-2022

Cross-site Scripting XSS - Stored in GitHub repository nocodb/nocodb prior to 0.91.7...

9CVSS6.8AI score0.00772EPSS
Exploits1References3
Prion
Prion
added 2022/06/07 8:15 p.m.12 views

Cross site scripting

Cross-site Scripting XSS - Stored in GitHub repository nocodb/nocodb prior to 0.91.7...

3.5CVSS5.3AI score0.00772EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/06/07 5:50 p.m.26 views

CVE-2022-2022 Cross-site Scripting (XSS) - Stored in nocodb/nocodb

Cross-site Scripting XSS - Stored in GitHub repository nocodb/nocodb prior to 0.91.7...

9CVSS5.6AI score0.00772EPSS
Exploits1References2
OSV
OSV
added 2022/06/07 5:50 p.m.17 views

CVE-2022-2022 Cross-site Scripting (XSS) - Stored in nocodb/nocodb

Cross-site Scripting XSS - Stored in GitHub repository nocodb/nocodb prior to 0.91.7...

9CVSS8AI score0.00772EPSS
Exploits1References4
CVE
CVE
added 2022/06/07 5:50 p.m.76 views

CVE-2022-2022

CVE-2022-2022 is a stored XSS vulnerability in NocoDB (nocodb/nocodb) prior to 0.91.7. Affected component is the web app input handling (e.g., Project Title) that can inject scripts into pages, enabling context with user interaction. Public documents indicate an XSS risk has been demonstrated in ...

9CVSS5.7AI score0.00772EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2022/06/07 12:0 a.m.5 views

NocoDB 跨站脚本漏洞

NocoDB is an open source Airtable replacement. Convert any MySql, PostgreSql, Sql Server, Sqlite and MariaDb into a smart spreadsheet. A security vulnerability exists in NocoDB version 0.91.7, which stems from the presence of a cross-site scripting issue...

9CVSS7AI score0.00772EPSS
Exploits1References5
Huntr
Huntr
added 2022/06/03 6:32 p.m.28 views

Account takeover due to stored XSS in "Project Title"

Description The Project "Title" of the NocoDB application is vulnerable to stored xss which can leads to admin account takeover. Proof of Concept Login with low privileged users and Click on "New Project" then click on "Create" Now write the payload and again click on "Create" Then login from sup...

3.5CVSS0.6AI score0.00772EPSS
Exploits1
Veracode
Veracode
added 2022/01/11 7:0 a.m.22 views

Information Disclosure

nocodb is vulnerable to information disclosure.The library does not properly sanitize the error message of the password rest when requesting a password reset for a given email address, allowing an attacker to enumerate the registered users email addresses...

5.3CVSS4.5AI score0.01367EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2022/01/11 4:11 a.m.20 views

CSV Injection

nocodb is vulnerable to CSV injection attacks. The vulnerability exists due to lack of sanitization in table rows which allows attackers to inject payload and execute in endpoint when administer opens the CSV file...

8CVSS5.6AI score0.0121EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2022/01/10 4:15 p.m.17 views

CVE-2022-22120

In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the...

5.3CVSS0.01367EPSS
Exploits1References2
NVD
NVD
added 2022/01/10 4:15 p.m.24 views

CVE-2022-22121

In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability Formula Injection. A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens...

8CVSS0.0121EPSS
Exploits1References2
Prion
Prion
added 2022/01/10 4:15 p.m.23 views

Input validation

In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability Formula Injection. A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens...

6CVSS7.8AI score0.0121EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2022/01/10 4:15 p.m.12 views

Design/Logic Flaw

In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the...

5CVSS5.3AI score0.01367EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/01/10 3:25 p.m.66 views

CVE-2022-22121

CVE-2022-22121 (NocoDB) affects versions 0.81.0–0.83.8. A low-privileged attacker can create a table and inject payloads into table rows; when an administrator exports data to CSV via the User Management endpoint and opens the file, the payload may execute. Root cause stated as lack of sanitizati...

8CVSS7.8AI score0.0121EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder