CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49781 – NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue
https://notcve.org/view.php?id=CVE-2023-49781
NocoDB is software for building databases as spreadsheets. Prior to 0.202.9, a stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are processed by the function replaceUrlsWithLink(). This function recognizes the pattern URI::(XXX) and creates a hyperlink tag <a> with href=XXX. However, it leaves all the other contents outside of the pattern URI::(XXX) unchanged. • https://github.com/nocodb/nocodb/commit/7f58ce3726dfec71537d8b80474a0f95a48a1574 https://github.com/nocodb/nocodb/security/advisories/GHSA-h6r4-xvw6-jc5h • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50718 – NocoDB SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2023-50718
NocoDB is software for building databases as spreadsheets. Prior to version 0.202.10, an authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped `table_name`. This vulnerability may result in leakage of sensitive data in the database. Version 0.202.10 contains a patch for the issue. NocoDB es un software para crear bases de datos como hojas de cálculo. • https://github.com/nocodb/nocodb/security/advisories/GHSA-8fxg-mr34-jqr8 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50717 – NocoDB Allows Preview of File with Dangerous Content
https://notcve.org/view.php?id=CVE-2023-50717
NocoDB is software for building databases as spreadsheets. Starting in verson 0.202.6 and prior to version 0.202.10, an attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading stored cross-site scripting attack. This allows remote attacker to execute JavaScript code in the context of the user accessing the vector. An attacker could have used this vulnerability to execute requests in the name of a logged-in user or potentially collect information about the attacked user by displaying a malicious form. • https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 18%CPEs: 1EXPL: 3CVE-2023-35843
https://notcve.org/view.php?id=CVE-2023-35843
NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information. • https://github.com/Lserein/CVE-2023-35843 https://github.com/b3nguang/CVE-2023-35843 https://advisory.dw1.io/60 https://github.com/nocodb/nocodb/blob/6decfa2b20c28db9946bddce0bcb1442b683ecae/packages/nocodb/src/lib/controllers/attachment.ctl.ts#L62-L74 https://github.com/nocodb/nocodb/blob/f7ee7e3beb91d313a159895d1edc1aba9d91b0bc/packages/nocodb/src/controllers/attachments.controller.ts#L55-L66 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •