js · nocodb · Critical
NocoDB Stored XSS in Row Comments via Unsanitized HTML and Tippy allowHTML
Stored XSS vulnerability in row comments: HTML stored without server-side sanitization, and Tippy tooltip with allowHTML: true executes script on hover.
What changed
Stored XSS vulnerability in row comments: HTML stored without server-side sanitization, and Tippy tooltip with allowHTML: true executes script on hover.
Who it affects
Authenticated users who view rows with comments in expanded form view.
What to do today
Upgrade NocoDB to a patched version or apply server-side sanitization to comment bodies and disable allowHTML in Tippy.
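To make the tooltip half of the fix concrete, here is an added example that is not NocoDB's or Tippy's code: renderTooltipContent() is a hypothetical stand-in for how a Tippy-style tooltip places its content option into the tooltip element, so the block runs without a browser, and the sample comment is constructed.

```javascript
// Added example, not NocoDB's or Tippy's code. renderTooltipContent() is a
// hypothetical stand-in for how a Tippy-style tooltip writes its `content`
// option into the tooltip element, so the block runs in plain Node.

// With allowHTML: true the string is assigned as markup (innerHTML); with
// allowHTML: false it is assigned as literal text (textContent), which is
// modelled here by escaping the characters that would otherwise form markup.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

function renderTooltipContent({ content, allowHTML = false }) {
  return allowHTML ? content : escapeHtml(content);
}

// Hardened options for a row-comment tooltip: the comment body is
// user-controlled, so it is passed as text and never as markup.
function commentTooltipOptions(commentBody) {
  return { content: commentBody, allowHTML: false };
}

// Review-time check for a tooltip options object: flags the combination the
// advisory describes, allowHTML: true with content a user can influence.
function auditTooltipOptions(options, { contentIsUserControlled }) {
  if (options.allowHTML === true && contentIsUserControlled) {
    return { ok: false, reason: 'allowHTML: true with user-controlled content' };
  }
  return { ok: true };
}

// Regression indicator, not a sanitizer: does the rendered tooltip still carry
// script-bearing elements or inline event handlers?
function containsActiveMarkup(rendered) {
  return /<\s*(script|iframe|object|embed|svg)\b|\son\w+\s*=/i.test(rendered);
}

// Constructed sample row comment (not from a real instance).
const storedComment = 'Looks fine <b>to me</b><script>/* attacker-controlled */</script>';

// Pre-fix pattern: the stored body is rendered as markup on hover.
const vulnerableOptions = { content: storedComment, allowHTML: true };
// Post-fix pattern: the same body is rendered as text.
const hardenedOptions = commentTooltipOptions(storedComment);

console.log(containsActiveMarkup(renderTooltipContent(vulnerableOptions))); // true
console.log(containsActiveMarkup(renderTooltipContent(hardenedOptions)));   // false
console.log(auditTooltipOptions(vulnerableOptions, { contentIsUserControlled: true }));
```

The audit function is the part worth reusing: run it over every tooltip options object built from stored data so the dangerous combination is caught in review rather than on hover.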
The trail
Collected → Audited → Written → Published
Source
GitHub Advisory · nocodb