CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49781 – NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue
https://notcve.org/view.php?id=CVE-2023-49781
NocoDB is software for building databases as spreadsheets. Prior to 0.202.9, a stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are processed by the function replaceUrlsWithLink(). This function recognizes the pattern URI::(XXX) and creates a hyperlink tag <a> with href=XXX. However, it leaves all the other contents outside of the pattern URI::(XXX) unchanged. • https://github.com/nocodb/nocodb/commit/7f58ce3726dfec71537d8b80474a0f95a48a1574 https://github.com/nocodb/nocodb/security/advisories/GHSA-h6r4-xvw6-jc5h • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50718 – NocoDB SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2023-50718
NocoDB is software for building databases as spreadsheets. Prior to version 0.202.10, an authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped `table_name`. This vulnerability may result in leakage of sensitive data in the database. Version 0.202.10 contains a patch for the issue. NocoDB es un software para crear bases de datos como hojas de cálculo. • https://github.com/nocodb/nocodb/security/advisories/GHSA-8fxg-mr34-jqr8 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43794 – SQL Injection in nocodb
https://notcve.org/view.php?id=CVE-2023-43794
Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to the given an attacker can inject arbitrary SQL queries to be executed. Since this is a blind SQL injection, an attacker may need to use time-based payloads which would include a function to delay execution for a given number of seconds. The response time indicates, whether the result of the query execution was true or false. • https://github.com/nocodb/nocodb/security/advisories/GHSA-3m5q-q39v-xf8f • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •