XSS in NocoDB
CVE-2026-47387
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared form-view submit handler (packages/nc-gui/composables/useSharedFormViewStore.ts) in NocoDB writes the form's redirect_url to window.location.href aft…
Vulnerability class: XSS (Cross-Site Scripting)
Affected products
- NocoDB — versions < 2026.05.1
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)