Note Mark is a web-based Markdown notes app. A stored cross-site scripting (XSS) vulnerability in Note Mark allows attackers to execute arbitrary web scripts via a crafted payload injected into the URL value of a link in the markdown content. This vulnerability is fixed in 0.13.1.
References
Link | Resource |
---|---|
https://github.com/enchant97/note-mark/commit/a0997facb82f85bfb8c0d497606d89e7d150e182 | Patch |
https://github.com/enchant97/note-mark/security/advisories/GHSA-rm48-9mqf-8jc3 | Exploit Vendor Advisory |
Configurations
History
06 Sep 2024, 21:34
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/enchant97/note-mark/commit/a0997facb82f85bfb8c0d497606d89e7d150e182 - Patch | |
References | () https://github.com/enchant97/note-mark/security/advisories/GHSA-rm48-9mqf-8jc3 - Exploit, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
First Time |
Enchantedcode
Enchantedcode note Mark |
|
Summary |
|
|
CPE | cpe:2.3:a:enchantedcode:note_mark:*:*:*:*:*:*:*:* |
29 Jul 2024, 16:21
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-29 16:15
Updated : 2024-09-06 21:34
NVD link : CVE-2024-41819
Mitre link : CVE-2024-41819
CVE.ORG link : CVE-2024-41819
JSON object : View
Products Affected
enchantedcode
- note_mark
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')