CVE-2023-50717 (GCVE-0-2023-50717)
Vulnerability from cvelistv5 – Published: 2024-05-13 16:05 – Updated: 2024-08-02 22:16
VLAI?
Summary
NocoDB is software for building databases as spreadsheets. Starting in verson 0.202.6 and prior to version 0.202.10, an attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading stored cross-site scripting attack. This allows remote attacker to execute JavaScript code in the context of the user accessing the vector. An attacker could have used this vulnerability to execute requests in the name of a logged-in user or potentially collect information about the attacked user by displaying a malicious form. Version 0.202.10 contains a patch for the issue.
Severity ?
5.7 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nocodb:nocodb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nocodb",
"vendor": "nocodb",
"versions": [
{
"lessThanOrEqual": "0.202.6",
"status": "affected",
"version": "0.202.6*",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:nocodb:nocodb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nocodb",
"vendor": "nocodb",
"versions": [
{
"lessThan": "0.202.10",
"status": "affected",
"version": "0.202.10*",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50717",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-13T17:13:25.707918Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:55.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:47.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nocodb",
"vendor": "nocodb",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.202.6, \u003c 0.202.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NocoDB is software for building databases as spreadsheets. Starting in verson 0.202.6 and prior to version 0.202.10, an attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading stored cross-site scripting attack. This allows remote attacker to execute JavaScript code in the context of the user accessing the vector. An attacker could have used this vulnerability to execute requests in the name of a logged-in user or potentially collect information about the attacked user by displaying a malicious form. Version 0.202.10 contains a patch for the issue.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-13T16:05:48.148Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh"
}
],
"source": {
"advisory": "GHSA-qg73-g3cf-vhhh",
"discovery": "UNKNOWN"
},
"title": "NocoDB Allows Preview of File with Dangerous Content"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-50717",
"datePublished": "2024-05-13T16:05:48.148Z",
"dateReserved": "2023-12-11T17:53:36.030Z",
"dateUpdated": "2024-08-02T22:16:47.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"NocoDB is software for building databases as spreadsheets. Starting in verson 0.202.6 and prior to version 0.202.10, an attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading stored cross-site scripting attack. This allows remote attacker to execute JavaScript code in the context of the user accessing the vector. An attacker could have used this vulnerability to execute requests in the name of a logged-in user or potentially collect information about the attacked user by displaying a malicious form. Version 0.202.10 contains a patch for the issue.\\n\"}, {\"lang\": \"es\", \"value\": \"NocoDB es un software para crear bases de datos como hojas de c\\u00e1lculo. A partir de la versi\\u00f3n 0.202.6 y anteriores a la versi\\u00f3n 0.202.10, un atacante puede cargar un archivo html con contenido malicioso. Si el usuario intenta abrir ese archivo en el navegador, se pueden ejecutar script maliciosas, lo que lleva a un ataque de Cross Site Scripting almacenados. Esto permite a un atacante remoto ejecutar c\\u00f3digo JavaScript en el contexto del usuario que accede al vector. Un atacante podr\\u00eda haber utilizado esta vulnerabilidad para ejecutar solicitudes en nombre de un usuario que inici\\u00f3 sesi\\u00f3n o potencialmente recopilar informaci\\u00f3n sobre el usuario atacado mostrando un formulario malicioso. La versi\\u00f3n 0.202.10 contiene un parche para el problema.\"}]",
"id": "CVE-2023-50717",
"lastModified": "2024-11-21T08:37:12.030",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N\", \"baseScore\": 5.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.1, \"impactScore\": 3.6}]}",
"published": "2024-05-14T14:17:01.190",
"references": "[{\"url\": \"https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}, {\"lang\": \"en\", \"value\": \"CWE-434\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-50717\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-05-14T14:17:01.190\",\"lastModified\":\"2025-08-26T18:52:30.007\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NocoDB is software for building databases as spreadsheets. Starting in verson 0.202.6 and prior to version 0.202.10, an attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading stored cross-site scripting attack. This allows remote attacker to execute JavaScript code in the context of the user accessing the vector. An attacker could have used this vulnerability to execute requests in the name of a logged-in user or potentially collect information about the attacked user by displaying a malicious form. Version 0.202.10 contains a patch for the issue.\\n\"},{\"lang\":\"es\",\"value\":\"NocoDB es un software para crear bases de datos como hojas de c\u00e1lculo. A partir de la versi\u00f3n 0.202.6 y anteriores a la versi\u00f3n 0.202.10, un atacante puede cargar un archivo html con contenido malicioso. Si el usuario intenta abrir ese archivo en el navegador, se pueden ejecutar script maliciosas, lo que lleva a un ataque de Cross Site Scripting almacenados. Esto permite a un atacante remoto ejecutar c\u00f3digo JavaScript en el contexto del usuario que accede al vector. Un atacante podr\u00eda haber utilizado esta vulnerabilidad para ejecutar solicitudes en nombre de un usuario que inici\u00f3 sesi\u00f3n o potencialmente recopilar informaci\u00f3n sobre el usuario atacado mostrando un formulario malicioso. La versi\u00f3n 0.202.10 contiene un parche para el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":5.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.1,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"},{\"lang\":\"en\",\"value\":\"CWE-434\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nocodb:nocodb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.202.6\",\"versionEndExcluding\":\"0.202.10\",\"matchCriteriaId\":\"7888171B-0189-495E-91D8-40E727E3CC61\"}]}]}],\"references\":[{\"url\":\"https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh\", \"name\": \"https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T22:16:47.335Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-50717\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-13T17:13:25.707918Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:nocodb:nocodb:*:*:*:*:*:*:*:*\"], \"vendor\": \"nocodb\", \"product\": \"nocodb\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.202.6*\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"0.202.6\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:nocodb:nocodb:*:*:*:*:*:*:*:*\"], \"vendor\": \"nocodb\", \"product\": \"nocodb\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.202.10*\", \"lessThan\": \"0.202.10\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-13T17:17:13.693Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"NocoDB Allows Preview of File with Dangerous Content\", \"source\": {\"advisory\": \"GHSA-qg73-g3cf-vhhh\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"nocodb\", \"product\": \"nocodb\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 0.202.6, \u003c 0.202.10\"}]}], \"references\": [{\"url\": \"https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh\", \"name\": \"https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"NocoDB is software for building databases as spreadsheets. Starting in verson 0.202.6 and prior to version 0.202.10, an attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading stored cross-site scripting attack. This allows remote attacker to execute JavaScript code in the context of the user accessing the vector. An attacker could have used this vulnerability to execute requests in the name of a logged-in user or potentially collect information about the attacked user by displaying a malicious form. Version 0.202.10 contains a patch for the issue.\\n\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-434\", \"description\": \"CWE-434: Unrestricted Upload of File with Dangerous Type\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-05-13T16:05:48.148Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-50717\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T22:16:47.335Z\", \"dateReserved\": \"2023-12-11T17:53:36.030Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-05-13T16:05:48.148Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
FKIE_CVE-2023-50717
Vulnerability from fkie_nvd - Published: 2024-05-14 14:17 - Updated: 2025-08-26 18:52
Severity ?
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
NocoDB is software for building databases as spreadsheets. Starting in verson 0.202.6 and prior to version 0.202.10, an attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading stored cross-site scripting attack. This allows remote attacker to execute JavaScript code in the context of the user accessing the vector. An attacker could have used this vulnerability to execute requests in the name of a logged-in user or potentially collect information about the attacked user by displaying a malicious form. Version 0.202.10 contains a patch for the issue.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh | Exploit, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nocodb:nocodb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7888171B-0189-495E-91D8-40E727E3CC61",
"versionEndExcluding": "0.202.10",
"versionStartIncluding": "0.202.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NocoDB is software for building databases as spreadsheets. Starting in verson 0.202.6 and prior to version 0.202.10, an attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading stored cross-site scripting attack. This allows remote attacker to execute JavaScript code in the context of the user accessing the vector. An attacker could have used this vulnerability to execute requests in the name of a logged-in user or potentially collect information about the attacked user by displaying a malicious form. Version 0.202.10 contains a patch for the issue.\n"
},
{
"lang": "es",
"value": "NocoDB es un software para crear bases de datos como hojas de c\u00e1lculo. A partir de la versi\u00f3n 0.202.6 y anteriores a la versi\u00f3n 0.202.10, un atacante puede cargar un archivo html con contenido malicioso. Si el usuario intenta abrir ese archivo en el navegador, se pueden ejecutar script maliciosas, lo que lleva a un ataque de Cross Site Scripting almacenados. Esto permite a un atacante remoto ejecutar c\u00f3digo JavaScript en el contexto del usuario que accede al vector. Un atacante podr\u00eda haber utilizado esta vulnerabilidad para ejecutar solicitudes en nombre de un usuario que inici\u00f3 sesi\u00f3n o potencialmente recopilar informaci\u00f3n sobre el usuario atacado mostrando un formulario malicioso. La versi\u00f3n 0.202.10 contiene un parche para el problema."
}
],
"id": "CVE-2023-50717",
"lastModified": "2025-08-26T18:52:30.007",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-14T14:17:01.190",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2023-50717
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-50717",
"id": "GSD-2023-50717"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-50717"
],
"id": "GSD-2023-50717",
"modified": "2023-12-13T01:20:31.453874Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2023-50717",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
}
}
GHSA-QG73-G3CF-VHHH
Vulnerability from github – Published: 2024-05-13 16:46 – Updated: 2025-08-21 19:16
VLAI?
Summary
NocoDB Allows Preview of Files with Dangerous Content
Details
Summary
Attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading Stored XSS(Cross-Site Script) attack.
PoC
NocoDB was configured using the Release Binary Noco-macos-arm64, and nocodb version 0.202.9 (currently the latest version) was used.
binary hash infos: md5(164b727f287af56168bc16fba622d0b4) / sha256(43e8e97f4c5f5330613abe071a359f84e4514b7186f92954b678087c37b7832e)
1. Run the binary to start the server and access the arbitrary table dashboard.
Here, used the default Features table.
2. Click + in the table field header to add an attachment field.
3. Click the Add File(s) button to select and upload files.
Here, test.html containing <script>alert(document.domain)</script> was uploaded.
4. Check the uploaded file path.
<img width="1163" alt="image" src="https://user-images.githubusercontent.com/86613161/287473337-b1c7c781-2fb5-4bd0-b464-dbd3d4158f04.png"
5. Access the uploaded file path.
When the file path is accessed, the <script>alert(document.domain)</script> script statement contained in the file is executed and the server host appears in the alert message.
Impact
This allows remote attacker to execute JavaScript code in the context of the user accessing the vector. An attacker could have used this vulnerability to execute requests in the name of a logged-in user or potentially collect information about the attacked user by displaying a malicious form.
Severity ?
5.7 (Medium)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.202.9"
},
"package": {
"ecosystem": "npm",
"name": "nocodb"
},
"ranges": [
{
"events": [
{
"introduced": "0.202.6"
},
{
"fixed": "0.202.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-50717"
],
"database_specific": {
"cwe_ids": [
"CWE-434",
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2024-05-13T16:46:49Z",
"nvd_published_at": "2024-05-14T14:17:01Z",
"severity": "MODERATE"
},
"details": "### Summary\n---\nAttacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading Stored XSS(Cross-Site Script) attack.\n\n### PoC\n---\nNocoDB was configured using the Release Binary `Noco-macos-arm64`, and nocodb version 0.202.9 (currently the latest version) was used.\nbinary hash infos: md5(164b727f287af56168bc16fba622d0b4) / sha256(43e8e97f4c5f5330613abe071a359f84e4514b7186f92954b678087c37b7832e)\n\u003cimg width=\"665\" alt=\"image\" src=\"https://user-images.githubusercontent.com/86613161/287472673-aeb60a02-2080-429f-8583-9f130ab62779.png\"\u003e\n\n### 1. Run the binary to start the server and access the arbitrary table dashboard.\n\u003cimg width=\"830\" alt=\"image\" src=\"https://user-images.githubusercontent.com/86613161/287472852-98b2286e-ad66-45bf-b503-63780619d775.png\"\u003e\n\nHere, used the default `Features` table.\n\n### 2. Click `+` in the table `field header` to add an `attachment` field.\n\u003cimg width=\"1173\" alt=\"image\" src=\"https://user-images.githubusercontent.com/86613161/287472936-98a67213-a547-4e71-915c-d2a43300530b.png\"\u003e\n\n### 3. Click the `Add File(s)` button to select and upload files.\n\n\u003cimg width=\"1132\" alt=\"image\" src=\"https://user-images.githubusercontent.com/86613161/287473041-0801ff39-e48c-4746-8518-be825bfd5533.png\"\u003e\n\nHere, `test.html` containing `\u003cscript\u003ealert(document.domain)\u003c/script\u003e` was uploaded.\n\n### 4. Check the uploaded file path.\n\u003cimg width=\"1163\" alt=\"image\" src=\"https://user-images.githubusercontent.com/86613161/287473337-b1c7c781-2fb5-4bd0-b464-dbd3d4158f04.png\"\n\n### 5. Access the uploaded file path.\n\u003cimg width=\"1201\" alt=\"image\" src=\"https://user-images.githubusercontent.com/86613161/287473278-410f9228-58e3-4ee4-b111-70cdbffa9ed5.png\"\u003e\n\nWhen the file path is accessed, the `\u003cscript\u003ealert(document.domain)\u003c/script\u003e` script statement contained in the file is executed and the server host appears in the alert message.\n\n\n### Impact\n---\nThis allows remote attacker to execute JavaScript code in the context of the user accessing the vector. An attacker could have used this vulnerability to execute requests in the name of a logged-in user or potentially collect information about the attacked user by displaying a malicious form.",
"id": "GHSA-qg73-g3cf-vhhh",
"modified": "2025-08-21T19:16:05Z",
"published": "2024-05-13T16:46:49Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50717"
},
{
"type": "PACKAGE",
"url": "https://github.com/nocodb/nocodb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "NocoDB Allows Preview of Files with Dangerous Content"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…