AI Score: 6.5 (Medium), Confidence: High
EPSS: 0.0004 (Low), Percentile: 8.7%
nocodb is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient user input sanitization within the Formula virtual cell comments functionality, allowing attackers to inject malicious JavaScript code via crafted URLs.
github.com/advisories/GHSA-h6r4-xvw6-jc5h
github.com/nocodb/nocodb/commit/7f58ce3726dfec71537d8b80474a0f95a48a1574
github.com/nocodb/nocodb/security/advisories/GHSA-h6r4-xvw6-jc5h