CVE-2026-28398

Published March 2nd, 2026

View on NVD ↗

CVSS v3

5.4

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, user-controlled content in comments and rich text cells was rendered via v-html without sanitization, enabling stored XSS. This issue has been patched in version 0.301.3.

nocodb/nocodb

🔥 🔥 🔥 A Free & Self-hostable Airtable Alternative

GitHub

63.6K