How severe is CVE-2023-50717?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.7 out of 10.

What type of vulnerability is CVE-2023-50717?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2023-50717 - MEDIUM Severity | CVSS 5.7

Vulnerability Description

NocoDB is software for building databases as spreadsheets. Starting in verson 0.202.6 and prior to version 0.202.10, an attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading stored cross-site scripting attack. This allows remote attacker to execute JavaScript code in the context of the user accessing the vector. An attacker could have used this vulnerability to execute requests in the name of a logged-in user or potentially collect information about the attacked user by displaying a malicious form. Version 0.202.10 contains a patch for the issue.

Related Vulnerabilities

CVE-2017-9546

MEDIUM

CVSS:5.7(Medium)

admin.php in BigTree through 4.2.18 allows remote authenticated users to cause a denial of service (inability to save revisions) via XSS sequences in a revision name.

CWE-792017

CVE-2019-0949

MEDIUM

CVSS:5.7(Medium)

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnera...

CWE-792019

CVE-2019-0950

MEDIUM

CVSS:5.7(Medium)

CWE-792019

CVE-2019-3418

MEDIUM

CVSS:5.7(Medium)

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). Due to incomplete input validation, an authorized user can exploit this vulnerability...

CWE-792019

CVE-2021-3988

MEDIUM

CVSS:5.7(Medium)

A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file `edit_books.js`. The vulnerability occurs when editing book properties, such as uploading a cover or...

CWE-792021

CVE-2021-41101

MEDIUM

CVSS:5.7(Medium)

wire-server is an open-source back end for Wire, a secure collaboration platform. Before version 2.106.0, the CORS ` Access-Control-Allow-Origin ` header set by `nginz` is set for all subdomains of `....

CWE-792021