Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) nocodb is a NocoDB Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the password reset API endpoint `/api/v1/db/auth/password/reset/`. An attacker can execute scripts in the context of the user's browser session by convincing the user to follow a malicious link. How to fix Cross-site Scripting (XSS)? Upgrade `nocodb` to version 0.258.0 or higher.	<0.258.0
H Cross-site Scripting (XSS) nocodb is a NocoDB Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `replaceUrlsWithLink` function. An attacker can execute arbitrary JavaScript code by embedding malicious content within the formula fields that are improperly sanitized before being displayed. How to fix Cross-site Scripting (XSS)? Upgrade `nocodb` to version 0.202.9 or higher.	<0.202.9
M SQL Injection nocodb is a NocoDB Affected versions of this package are vulnerable to SQL Injection through the `columnList` method. An attacker with create access can execute arbitrary SQL commands and potentially access or modify sensitive data by including a special character (') in the table name to manipulate the SQL query. How to fix SQL Injection? Upgrade `nocodb` to version 0.202.10 or higher.	<0.202.10

Go back to all versions of this package