Description

NocoDB is software for building databases as spreadsheets. Prior to 0.202.9, a stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are processed by the function replaceUrlsWithLink(). This function recognizes the pattern URI::(XXX) and creates a hyperlink tag <a> with href=XXX. However, it leaves all the other contents outside of the pattern URI::(XXX) unchanged. This vulnerability is fixed in 0.202.9.

INFO

Published Date :

2024-05-13T18:54:54.196Z

Last Modified :

2024-08-02T22:01:25.824Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2023-49781 vulnerability.

Vendors Products
Nocodb
  • Nocodb
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-49781.

URL Resource
https://github.com/nocodb/nocodb/commit/7f58ce3726dfec71537d8b80474a0f95a48a1574 cve-icon cve-icon cve-icon
https://github.com/nocodb/nocodb/security/advisories/GHSA-h6r4-xvw6-jc5h cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact