NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL
Description
Summary
A reflected XSS vulnerability exists in the Page Leaving Warning page. The ncRedirectUrl and ncBackUrl query parameters are used in window.location.href and ` tag bindings without validation, allowing javascript:` URI injection.
Details
PageLeavingWarning.vue reads ncRedirectUrl and ncBackUrl directly from the route query without validation. When isSameOriginUrl() returns false (as it does for javascript: URIs), the raw URL is assigned to window.location.href, executing arbitrary JavaScript. The redirect URL is also bound directly to an ` tag's href` attribute.
Impact
An attacker can execute arbitrary JavaScript in the context of the NocoDB application by sending a crafted link to a victim. No authentication is required.
Credit
This issue was reported by @naoyashiga.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
nocodbnpm | <= 0.301.3 | — |
Affected products
1Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.