CVE-2026-28359

Medium CVSS: 5.3

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Editor role can inject arbitrary HTML into Rich Text cells by bypassing the TipTap editor and sending raw HTML via the API. This issue has been patched in version 0.301.3.

Vendor

Nocodb

Product

Nocodb

CWE

CWE-79

Yayın Tarihi

2026-03-02 17:16:34

Güncelleme

2026-03-03 18:57:42

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Nocodb MEDIUM Nocodb 2026

Referanslar

https://github.com/nocodb/nocodb/releases/tag/0.301.3 https://github.com/nocodb/nocodb/security/advisories/GHSA-qxwq-q265-hc44

Benzer Kayıtlar

Medium

CVE-2026-28399

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Creator…

Medium

CVE-2026-28401

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, rich text cell content rendered via…

Low

CVE-2026-28360

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, shared view passwords were stored i…

Medium

CVE-2026-28361

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the MCP token service did not valid…

Medium

CVE-2026-28396

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password reset flow did not rev…

Medium

CVE-2026-28397

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, comments rendered via v-html withou…