NocoDB is an open source Airtable replacement. Convert any MySql, PostgreSql, Sql Server, Sqlite, and MariaDb into a smart spreadsheet.A cross-site scripting vulnerability exists in versions of NocoDB prior to 0.91.7, which stems from a lack of data validation filtering of user-supplied data and output in the comments feature. An attacker could exploit this vulnerability to elevate privileges to super administrator.