Lucene search
K

7 matches found

NVD
NVD
added 2026/06/23 9:16 p.m.7 views

CVE-2026-46547

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, a reflected XSS vulnerability exists in the Page Leaving Warning page. The ncRedirectUrl and ncBackUrl query parameters are used in window.location.href and tag bindings without validation, allowing javascript: URI...

6.1CVSS0.00156EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:42 p.m.27 views

CVE-2026-46547 NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, a reflected XSS vulnerability exists in the Page Leaving Warning page. The ncRedirectUrl and ncBackUrl query parameters are used in window.location.href and tag bindings without validation, allowing javascript: URI...

6.1CVSS0.00156EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 8:42 p.m.16 views

CVE-2026-46547

CVE-2026-46547 (NocoDB) is a reflected XSS in the Page Leaving Warning page. The issue arises because the query parameters ncRedirectUrl and ncBackUrl are used in window.location.href and in an tag href without proper validation, allowing javascript: URI injection. Exploitation could enable arbi...

6.1CVSS5.9AI score0.00156EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/21 8:34 p.m.13 views

NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL

Summary A reflected XSS vulnerability exists in the Page Leaving Warning page. The ncRedirectUrl and ncBackUrl query parameters are used in window.location.href and tag bindings without validation, allowing javascript: URI injection. Details PageLeavingWarning.vue reads ncRedirectUrl and ncBackUr...

6.1CVSS6AI score0.00156EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/21 8:34 p.m.4 views

GHSA-9QGR-6VPG-9GH9 NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL

Summary A reflected XSS vulnerability exists in the Page Leaving Warning page. The ncRedirectUrl and ncBackUrl query parameters are used in window.location.href and tag bindings without validation, allowing javascript: URI injection. Details PageLeavingWarning.vue reads ncRedirectUrl and ncBackUr...

6.1CVSS6AI score0.00156EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.13 views

PT-2026-42673

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.04.1 Description A reflected Cross-Site Scripting XSS issue exists in the Page Leaving Warning page. The application reads the ncRedirectUrl and ncBackUrl query parameters from the route query without proper...

6.1CVSS6AI score0.00156EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.10 views

PT-2026-42611

Summary A reflected XSS vulnerability exists in the Page Leaving Warning page. The ncRedirectUrl and ncBackUrl query parameters are used in window.location.href and tag bindings without validation, allowing javascript: URI injection. Details PageLeavingWarning.vue reads ncRedirectUrl and ncBackUr...

6.1CVSS6AI score
Exploits0References3
Rows per page
Query Builder