GHSA-8VM4-G489-V3W7 NocoDB Vulnerable to Stored Cross-Site Scripting via Comments and Rich Text Cells
Summary User-controlled content in comments and rich text cells was rendered via v-html without sanitization, enabling stored XSS. Details Comments in Comments.vue and rich text in TextArea.vue were parsed by markdown-it with html: true and injected via v-html. The codebase had vue-dompurify-html...