Lucene search
China National Vulnerability DatabaseCNVD-2022-58391HistoryJun 20, 2022 - 12:00 a.m.
NocoDB Cross-Site Scripting Vulnerability
2022-06-2000:00:00
China National Vulnerability Database
www.cnvd.org.cn
15
nocodb
cross-site scripting
data validation filtering
user-supplied data
comments feature
privilege elevation
EPSS
0.001
Percentile
21.4%
NocoDB is an open source Airtable replacement. Convert any MySql, PostgreSql, Sql Server, Sqlite, and MariaDb into a smart spreadsheet.A cross-site scripting vulnerability exists in versions of NocoDB prior to 0.91.7, which stems from a lack of data validation filtering of user-supplied data and output in the comments feature. An attacker could exploit this vulnerability to elevate privileges to super administrator.
Related
cve
cve
CVE-2022-2079
2022-06-14 09:15:09
huntr
huntr
Stored Cross-Site Scripting
2022-06-11 17:36:01
github
github
Cross-site Scripting in NocoDB
2022-06-15 00:00:24
cvelist
cvelist
CVE-2022-2079 Cross-site Scripting (XSS) - Stored in nocodb/nocodb
2022-06-14 08:40:10
nvd
nvd
CVE-2022-2079
2022-06-14 09:15:09
prion
prion
Cross site scripting
2022-06-14 09:15:00
osv
osv
Cross-site Scripting in NocoDB
2022-06-15 00:00:24