Lucene search
K

14 matches found

RedhatCVE
RedhatCVE
added 2026/03/04 1:56 a.m.6 views

CVE-2026-28359

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Editor role can inject arbitrary HTML into Rich Text cells by bypassing the TipTap editor and sending raw HTML via the API. This issue has been patched in version 0.301.3...

5.4CVSS5.9AI score0.00147EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/03 8:59 p.m.7 views

NocoDB Vulnerable to Stored Cross-Site Scripting via Rich Text Cells

Summary Rich text cell content rendered via v-html without sanitization, enabling stored XSS. Details Rich text in TextArea.vue was parsed by markdown-it with html: true and injected via v-html without DOMPurify. A user with Editor role can inject arbitrary HTML that executes for all viewers...

5.4CVSS6AI score0.00179EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 8:58 p.m.6 views

NocoDB Vulnerable to Stored Cross-Site Scripting via Comments and Rich Text Cells

Summary User-controlled content in comments and rich text cells was rendered via v-html without sanitization, enabling stored XSS. Details Comments in Comments.vue and rich text in TextArea.vue were parsed by markdown-it with html: true and injected via v-html. The codebase had vue-dompurify-html...

5.4CVSS5.9AI score0.00143EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/03/02 6:36 p.m.3 views

Cross-site Scripting (XSS)

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Cross-site Scripting XSS via the v-html due to the lack of sanitization. An attacker with Editor role can execute arbitrary scripts in the context of a user's browser by storing malicious content in rich text cells...

5.4CVSS5.9AI score0.00179EPSS
Exploits0References2
NVD
NVD
added 2026/03/02 5:16 p.m.8 views

CVE-2026-28359

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Editor role can inject arbitrary HTML into Rich Text cells by bypassing the TipTap editor and sending raw HTML via the API. This issue has been patched in version 0.301.3...

5.4CVSS0.00147EPSS
Exploits0References2
NVD
NVD
added 2026/03/02 5:16 p.m.8 views

CVE-2026-28398

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, user-controlled content in comments and rich text cells was rendered via v-html without sanitization, enabling stored XSS. This issue has been patched in version 0.301.3...

5.4CVSS0.00143EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/02 4:20 p.m.5 views

CVE-2026-28401 NocoDB: Stored Cross-Site Scripting via Rich Text Cells

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, rich text cell content rendered via v-html without sanitization enables stored XSS. This issue has been patched in version 0.301.3...

5.3CVSS5.8AI score0.00179EPSS
Exploits0References2
CVE
CVE
added 2026/03/02 4:20 p.m.11 views

CVE-2026-28401

NocoDB contains a stored XSS vulnerability in rich text cells before version 0.301.3, where content rendered via v-html was not sanitized. The issue is fixed in version 0.301.3. Affected software: NocoDB (prior to 0.301.3). Technical details indicate XSS via rich text cell rendering; no exploitat...

5.4CVSS5.8AI score0.00179EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/02 4:20 p.m.31 views

CVE-2026-28401 NocoDB: Stored Cross-Site Scripting via Rich Text Cells

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, rich text cell content rendered via v-html without sanitization enables stored XSS. This issue has been patched in version 0.301.3...

5.3CVSS0.00179EPSS
Exploits0References2
OSV
OSV
added 2026/03/02 4:20 p.m.3 views

CVE-2026-28401 NocoDB: Stored Cross-Site Scripting via Rich Text Cells

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, rich text cell content rendered via v-html without sanitization enables stored XSS. This issue has been patched in version 0.301.3...

5.3CVSS5.8AI score0.00179EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/02 4:19 p.m.5 views

EUVD-2026-9213

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, user-controlled content in comments and rich text cells was rendered via v-html without sanitization, enabling stored XSS. This issue has been patched in version 0.301.3...

5.3CVSS5.8AI score0.00143EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/02 4:19 p.m.20 views

CVE-2026-28398 NocoDB: Stored Cross-Site Scripting via Comments and Rich Text Cells

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, user-controlled content in comments and rich text cells was rendered via v-html without sanitization, enabling stored XSS. This issue has been patched in version 0.301.3...

5.3CVSS0.00143EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.6 views

PT-2026-22635

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 0.301.3 Description NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, user-controlled content in comments and rich text cells was rendered via v-html without sanitization, enabling...

5.4CVSS5.8AI score0.00143EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.5 views

PT-2026-22630

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Editor role can inject arbitrary HTML into Rich Text cells by bypassing the TipTap editor and sending raw HTML via the API. This issue has been patched in version 0.301.3...

5.3CVSS5.9AI score0.00147EPSS
Exploits0References3
Rows per page
Query Builder