Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-4c5q-qvz2-c7bp
Vulnerability ID VCID-4c5q-qvz2-c7bp
Aliases CVE-2023-50717
GHSA-qg73-g3cf-vhhh
Summary NocoDB Allows Preview of Files with Dangerous Content --- Attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading Stored XSS(Cross-Site Script) attack.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-434 Unrestricted Upload of File with Dangerous Type
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.0085 https://api.first.org/data/v1/epss?cve=CVE-2023-50717
epss 0.0085 https://api.first.org/data/v1/epss?cve=CVE-2023-50717
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-qg73-g3cf-vhhh
cvssv3.1 5.7 https://github.com/nocodb/nocodb
generic_textual MODERATE https://github.com/nocodb/nocodb
cvssv3.1 5.7 https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh
cvssv3.1_qr MODERATE https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh
generic_textual MODERATE https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh
ssvc Track https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh
cvssv3.1 5.7 https://nvd.nist.gov/vuln/detail/CVE-2023-50717
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2023-50717
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-50717
https://github.com/nocodb/nocodb
CVE-2023-50717 https://nvd.nist.gov/vuln/detail/CVE-2023-50717
GHSA-qg73-g3cf-vhhh https://github.com/advisories/GHSA-qg73-g3cf-vhhh
GHSA-qg73-g3cf-vhhh https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/nocodb/nocodb
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:13:25Z/ Found at https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-50717
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.75271
EPSS Score 0.0085
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:21:37.731562+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/nocodb/CVE-2023-50717.yml 38.6.0