Cross-site Scripting (XSS)nocodb is a NocoDB
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the CommentsService component, which uses v-html without proper sanitization. An attacker can execute arbitrary JavaScript code in the context of a user's browser by submitting crafted input that is later viewed by other users.
Note:
This issue affects users of nc-gui frontend.
How to fix Cross-site Scripting (XSS)? Upgrade nocodb to version 0.301.3 or higher.
| |
Cross-site Scripting (XSS)nocodb is a NocoDB
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the v-html due to the lack of sanitization. An attacker with Editor role can execute arbitrary scripts in the context of a user's browser by storing malicious content in rich text cells.
Note:
This issue affects users of nc-gui frontend.
How to fix Cross-site Scripting (XSS)? Upgrade nocodb to version 0.301.3 or higher.
| |
Cross-site Scripting (XSS)nocodb is a NocoDB
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Comment.insert() function that that lacks sanitization for stored HTML. An attacker can execute arbitrary JavaScript code in the context of the user's browser by submitting crafted input that is later viewed by other users.
Note:
This issue affects users of nc-gui frontend.
How to fix Cross-site Scripting (XSS)? Upgrade nocodb to version 0.301.3 or higher.
| |
SQL Injectionnocodb is a NocoDB
Affected versions of this package are vulnerable to SQL Injection via the DATEADD formula's unit parameter. An attacker with the Creator role can execute arbitrary SQL commands by supplying crafted input to this parameter.
How to fix SQL Injection? Upgrade nocodb to version 0.301.3 or higher.
| |
Cross-site Scripting (XSS)nocodb is a NocoDB
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the CommentsService component that lacks sanitization for stored HTML. An attacker can execute arbitrary scripts in the context of users viewing affected rich text fields by injecting unsanitized HTML through the API.
How to fix Cross-site Scripting (XSS)? Upgrade nocodb to version 0.301.3 or higher.
| |
Authorization Bypass Through User-Controlled Keynocodb is a NocoDB
Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the McpTokenService.get(), regenerateToken(), and delete() functions due to missing ownership validation for MCP tokens. An attacker with Creator role privileges can access, regenerate, or delete another user's tokens by knowing the target token ID.
How to fix Authorization Bypass Through User-Controlled Key? Upgrade nocodb to version 0.301.3 or higher.
| |
Insufficient Session Expirationnocodb is a NocoDB
Affected versions of this package are vulnerable to Insufficient Session Expiration in the passwordReset() function that fails to call UserRefreshToken.deleteAllUserToken() to invalidate JWTs. An attacker can maintain unauthorized access by using a previously obtained refresh token to mint valid JWTs even after the victim resets their password.
How to fix Insufficient Session Expiration? Upgrade nocodb to version 0.301.3 or higher.
| |
Information Exposurenocodb is a NocoDB
Affected versions of this package are vulnerable to Information Exposure via the POST /api/v2/auth/password/forgot endpoint. An attacker can determine whether a specific email address is registered by submitting password reset requests and analyzing the differing responses.
How to fix Information Exposure? Upgrade nocodb to version 0.301.3 or higher.
| |
Credential Exposurenocodb is a NocoDB
Affected versions of this package are vulnerable to Credential Exposure in the password column of the nc_views table in public-datas.service.ts, public-metas.service.ts and calendar-datas.service.ts, where passwords are stored in plaintext. An attacker can obtain sensitive authentication credentials by gaining unauthorized access to the database.
How to fix Credential Exposure? Upgrade nocodb to version 0.301.3 or higher.
| |
Open Redirectnocodb is a NocoDB
Affected versions of this package are vulnerable to Open Redirect via the continueAfterSignIn parameter during the authentication process. An attacker can redirect authenticated users to arbitrary external websites by supplying a crafted value, increasing the risk of credential theft through social engineering.
How to fix Open Redirect? Upgrade nocodb to version 0.301.0 or higher.
| |
Cross-site Scripting (XSS)nocodb is a NocoDB
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the SVG upload. An attacker can execute arbitrary JavaScript in the browsers of other users by uploading a crafted SVG file containing embedded scripts, which are rendered inline when viewed.
How to fix Cross-site Scripting (XSS)? Upgrade nocodb to version 0.301.0 or higher.
| |
Prototype Pollutionnocodb is a NocoDB
Affected versions of this package are vulnerable to Prototype Pollution via the deepMerge() function in utils/dataUtils.ts file. An attacker can cause all database write operations to fail application-wide until the server is restarted by sending crafted requests to this endpoint.
Note:
This is only exploitable if the attacker is an authenticated user with org-level-creator permissions.
How to fix Prototype Pollution? Upgrade nocodb to version 0.301.0 or higher.
| |
Server-side Request Forgery (SSRF)nocodb is a NocoDB
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the uploadViaURL function in the attachments.service.ts file. An attacker can trigger outbound requests to arbitrary URLs by supplying crafted input to the process before validation is enforced.
How to fix Server-side Request Forgery (SSRF)? Upgrade nocodb to version 0.301.0 or higher.
| |
Cross-site Scripting (XSS)nocodb is a NocoDB
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the password reset API endpoint /api/v1/db/auth/password/reset/. An attacker can execute scripts in the context of the user's browser session by convincing the user to follow a malicious link.
How to fix Cross-site Scripting (XSS)? Upgrade nocodb to version 0.258.0 or higher.
| |
Cross-site Scripting (XSS)nocodb is a NocoDB
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the replaceUrlsWithLink function. An attacker can execute arbitrary JavaScript code by embedding malicious content within the formula fields that are improperly sanitized before being displayed.
How to fix Cross-site Scripting (XSS)? Upgrade nocodb to version 0.202.9 or higher.
| |
SQL Injectionnocodb is a NocoDB
Affected versions of this package are vulnerable to SQL Injection through the columnList method. An attacker with create access can execute arbitrary SQL commands and potentially access or modify sensitive data by including a special character (') in the table name to manipulate the SQL query.
How to fix SQL Injection? Upgrade nocodb to version 0.202.10 or higher.
| |
SQL Injectionnocodb is a NocoDB
Affected versions of this package are vulnerable to SQL Injection via the triggerList function in SqliteClient.ts. An attacker can inject arbitrary SQL queries to be executed by supplying a specially crafted payload to the table_name parameter in the tableCreate endpoint. The attacker can reveal the data present in the database by using time-based payloads which would include a function to delay execution for a given number of seconds. The response time indicates whether the result of the query execution was true or false.
Note:
This is only exploitable if the attacker has creator permissions.
How to fix SQL Injection? Upgrade nocodb to version 0.111.0 or higher.
| |
