Bug Bounty
CVE-2023-50717 in nocoDB
pyozzi
2024. 5. 14. 01:31
https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh
Allow Preview of File with Dangerous Content
Summary: An attacker can upload an HTML file with malicious content. If a user tries to open that file in the browser, malicious scripts can be executed, leading to a Stored XSS (Cross-Site Script) attack....
https://github.com/nocodb/nocodb
GitHub - nocodb/nocodb: 🔥 🔥 🔥 Open Source Airtable Alternative
The writeup will be updated later.