CVE-2024-41819

Note Mark is a web-based Markdown notes app. A stored cross-site scripting (XSS) vulnerability in Note Mark allows attackers to execute arbitrary web scripts via a crafted payload injected into the URL value of a link in the markdown content. This vulnerability is fixed in 0.13.1.
Configurations

Configuration 1 (hide)

cpe:2.3:a:enchantedcode:note_mark:*:*:*:*:*:*:*:*

History

06 Sep 2024, 21:34

Type Values Removed Values Added
References () https://github.com/enchant97/note-mark/commit/a0997facb82f85bfb8c0d497606d89e7d150e182 - () https://github.com/enchant97/note-mark/commit/a0997facb82f85bfb8c0d497606d89e7d150e182 - Patch
References () https://github.com/enchant97/note-mark/security/advisories/GHSA-rm48-9mqf-8jc3 - () https://github.com/enchant97/note-mark/security/advisories/GHSA-rm48-9mqf-8jc3 - Exploit, Vendor Advisory
CVSS v2 : unknown
v3 : 8.7
v2 : unknown
v3 : 5.4
First Time Enchantedcode
Enchantedcode note Mark
Summary
  • (es) Note Mark es una aplicación de notas Markdown basada en la web. Una vulnerabilidad de Cross Site Scripting (XSS) almacenado en Note Mark permite a los atacantes ejecutar scripts web arbitrarios a través de un payload manipulado inyectado en el valor URL de un enlace en el contenido de rebajas. Esta vulnerabilidad se solucionó en 0.13.1.
CPE cpe:2.3:a:enchantedcode:note_mark:*:*:*:*:*:*:*:*

29 Jul 2024, 16:21

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-29 16:15

Updated : 2024-09-06 21:34


NVD link : CVE-2024-41819

Mitre link : CVE-2024-41819

CVE.ORG link : CVE-2024-41819


JSON object : View

Products Affected

enchantedcode

  • note_mark
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')