Pranav C

4 exploits Active since Jan 2022
CVE-2025-27506 WRITEUP MEDIUM WRITEUP
NocoDB < 0.258.0 - Reflected Cross-Site Scripting via Password Reset Endpoint
NocoDB is software for building databases as spreadsheets. The API endpoint related to the password reset function is vulnerable to Reflected Cross-Site-Scripting. The endpoint /api/v1/db/auth/password/reset/:tokenId is vulnerable to Reflected Cross-Site-Scripting. The flaw occurs due to implementation of the client-side template engine ejs, specifically on file resetPassword.ts where the template is using the insecure function “<%-“, which is rendered by the function renderPasswordReset. This vulnerability is fixed in 0.258.0.
CVSS 5.4
CVE-2022-22120 WRITEUP MEDIUM WRITEUP
NocoDB 0.9-0.83.8 - User Enumeration via Password Reset Error Message
In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the registered users' email addresses.
CVSS 5.3
CVE-2022-22121 WRITEUP HIGH WRITEUP
NocoDB 0.81.0-0.83.8 - CSV Injection via User Management Export
In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens it, the payload gets executed.
CVSS 8.0
CVE-2023-49781 WRITEUP HIGH WRITEUP
NocoDB < 0.202.9 - Stored Cross-Site Scripting in Formula Virtual Cell Comments
NocoDB is software for building databases as spreadsheets. Prior to 0.202.9, a stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are processed by the function replaceUrlsWithLink(). This function recognizes the pattern URI::(XXX) and creates a hyperlink tag <a> with href=XXX. However, it leaves all the other contents outside of the pattern URI::(XXX) unchanged. This vulnerability is fixed in 0.202.9.
CVSS 7.3