CVE-2023-49781

HIGH Year: 2023
CVSS v3 Score
7.3
High
Weakness Type
CWE-79
View all →

Vulnerability Description

NocoDB is software for building databases as spreadsheets. Prior to 0.202.9, a stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are processed by the function replaceUrlsWithLink(). This function recognizes the pattern URI::(XXX) and creates a hyperlink tag <a> with href=XXX. However, it leaves all the other contents outside of the pattern URI::(XXX) unchanged. This vulnerability is fixed in 0.202.9.

Related Vulnerabilities

CVE-2019-10049

HIGH
CVSS:7.3(High)

It is possible for an attacker with regular user access to the web application of Pydio through 8.2.2 to trick an administrator user into opening a link shared through the application, that in turn op...

CWE-792019

CVE-2019-17331

HIGH
CVSS:7.3(High)

The Data Exchange Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS)...

CWE-792019

CVE-2019-17332

HIGH
CVSS:7.3(High)

The Digital Asset Manager Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripti...

CWE-792019

CVE-2019-17338

HIGH
CVSS:7.3(High)

The user interface component of TIBCO Software Inc.'s TIBCO Patterns - Search contains multiple vulnerabilities that theoretically allow authenticated users to perform persistent cross-site scripting ...

CWE-792019

CVE-2020-15154

HIGH
CVSS:7.3(High)

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: content_fields...

CWE-792020

CVE-2020-15155

HIGH
CVSS:7.3(High)

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is toolbar.php. The...

CWE-792020