CVE-2025-27506
Published 2025-03-06
CVSS 3.1 base score: 6.1 (medium)
EPSS: 0.68% (47.9th percentile)
NocoDB is software for building databases as spreadsheets. The API endpoint related to the password reset function is vulnerable to Reflected Cross-Site-Scripting. The endpoint /api/v1/db/auth/password/reset/:tokenId is vulnerable to Reflected Cross-Site-Scripting. The flaw occurs due to the implementation of the client-side template engine ejs, specifically in the file resetPassword.ts, where the template uses the insecure (unescaped output) tag `<%-`, which is rendered by the function renderPasswordReset. This vulnerability is fixed in 0.258.0.
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | clamav-0.103.2-1.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm | — | — |
| msrc | clamav-0.103.2-1.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64 | — | — |
| msrc | clamav-debuginfo-0.103.2-1.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm | — | — |
| msrc | clamav-debuginfo-0.103.2-1.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64 | — | — |
| nocodb | nocodb | < 0.258.0 | 0.258.0 |
| nocodb | nocodb | >= 0 < 0.258.0 | 0.258.0 |
CVSS provenance
- nvd (CVSS v3.1): 6.1 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- vendor_msrc: 5.5 MEDIUM
OSV · 2025-03-06
CVE-2025-27506 [MEDIUM] NocoDB Vulnerable to Reflected Cross-Site Scripting on Reset Password Page
### Summary
The API endpoint related to the password reset function is vulnerable to Reflected Cross-Site-Scripting.
### Details
During source-code analysis it was found that the endpoint /api/v1/db/auth/password/reset/:tokenId is vulnerable to Reflected Cross-Site-Scripting.
The flaw occurs due to the implementation of the client-side template engine ejs, specifically in the file resetPassword.ts, where the template uses the insecure (unescaped output) tag `<%-`:
https://github.com/nocodb/nocodb/blob/ba5a191b33259d984fc92df225f7d82ede2ddb56/packages/nocodb/src/modules/auth/ui/auth/resetPassword.ts#L71
which is rendered by the function renderPasswordReset:
https://github.com/nocodb/nocodb/blob/ba5a191b33259d984fc92df
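To make the difference the advisory points at concrete, here is an added example (not NocoDB's code and not the ejs library itself): a minimal renderer that implements only the two ejs output tags, with a constructed reset-form template and a constructed token value, so the raw `<%-` form can be compared against the escaping `<%=` form that a hardened template would use.

```javascript
// Added example, not NocoDB code: a tiny EJS-style renderer that models the
// one distinction that matters here: `<%- %>` emits the value raw, `<%= %>`
// HTML-escapes it. Template and token below are constructed for illustration.

// Same five characters ejs escapes in `<%= %>` output (& < > " ').
function escapeHtml(value) {
  const rules = {
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&#34;', "'": '&#39;',
  };
  return String(value).replace(/[&<>"']/g, (ch) => rules[ch]);
}

// Minimal subset of EJS: the tag names a key in `locals` (no code evaluation).
// mode '-' => raw insertion, mode '=' => escaped insertion.
function render(template, locals) {
  return template.replace(/<%([-=])\s*(\w+)\s*%>/g, (_, mode, name) => {
    const value = locals[name] === undefined ? '' : locals[name];
    return mode === '-' ? String(value) : escapeHtml(value);
  });
}

// Constructed reset-form fragment in its vulnerable shape (raw tag) and its
// hardened shape (escaping tag); the real NocoDB template differs.
const RAW_TEMPLATE = '<input type="hidden" name="token" value="<%- token %>">';
const SAFE_TEMPLATE = '<input type="hidden" name="token" value="<%= token %>">';

// Constructed token value carrying markup instead of an opaque identifier.
const SAMPLE_TOKEN = 'abc"><b>demo</b>';

// Renders the reset fragment with either template; with `escaped` false the
// markup in the token breaks out of the attribute, with `escaped` true it is
// neutralised into entities and stays inside the attribute value.
function renderResetFragment(token, escaped) {
  return render(escaped ? SAFE_TEMPLATE : RAW_TEMPLATE, { token });
}

// True when no raw '<' or '>' from the token survived into the output.
function tokenStaysInAttribute(token, escaped) {
  const html = renderResetFragment(token, escaped);
  const body = html.slice('<input type="hidden" name="token" value="'.length, -2);
  return !/[<>]/.test(body);
}

console.log(renderResetFragment(SAMPLE_TOKEN, false));
console.log(renderResetFragment(SAMPLE_TOKEN, true));
```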
GHSA · 2025-03-06
CVE-2025-27506 [MEDIUM] CWE-79 NocoDB Vulnerable to Reflected Cross-Site Scripting on Reset Password Page
Microsoft (vendor_msrc · 2021-03-09 · CVSS 5.5)
CVE-2021-27506 [MEDIUM] The ClamAV Engine (version 0.103.1 and below) component embedded in Stormshield Network Security (SNS) is subject to DoS when parsing malformed PNG files. This affects Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog
No detection rules found.
Nuclei · CVSS 6.1
CVE-2025-27506 [MEDIUM] NocoDB < 0.258.0 - Reflected XSS in Password Reset
No writeups or analysis indexed.
References
- https://github.com/nocodb/nocodb/blob/ba5a191b33259d984fc92df225f7d82ede2ddb56/packages/nocodb/src/modules/auth/auth.controller.ts#L251
- https://github.com/nocodb/nocodb/blob/ba5a191b33259d984fc92df225f7d82ede2ddb56/packages/nocodb/src/modules/auth/ui/auth/resetPassword.ts#L71
- https://github.com/nocodb/nocodb/commit/ea821edb133e621e26183ae65c8ff9ee5d6f2723
- https://github.com/nocodb/nocodb/security/advisories/GHSA-wf6c-hrhf-86cw
Published: 2025-03-06