Description

NocoDB is software for building databases as spreadsheets. Starting in verson 0.202.6 and prior to version 0.202.10, an attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading stored cross-site scripting attack. This allows remote attacker to execute JavaScript code in the context of the user accessing the vector. An attacker could have used this vulnerability to execute requests in the name of a logged-in user or potentially collect information about the attacked user by displaying a malicious form. Version 0.202.10 contains a patch for the issue.

INFO

Published Date :

2024-05-13T16:05:48.148Z

Last Modified :

2024-08-02T22:16:47.335Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2023-50717 vulnerability.

Vendors Products
Nocodb
  • Nocodb
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-50717.

URL Resource
https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact