CVE-2023-50717 in nocoDB
Bug Bounty 2024. 5. 14. 01:31
https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh
Allow Preview of File with Dangerous Content
Summary: Attacker can upload an HTML file with malicious content. If a user tries to open that file in a browser, malicious scripts can be executed, leading to a Stored XSS (Cross-Site Script) attack....
https://github.com/nocodb/nocodb
GitHub - nocodb/nocodb: 🔥 🔥 🔥 Open Source Airtable Alternative
Writeup to be updated later.