Filtered by vendor Vnote Project
Subscribe
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-41662 | 1 Vnote Project | 1 Vnote | 2024-11-21 | N/A | 8.6 HIGH |
VNote is a note-taking platform. A Cross-Site Scripting (XSS) vulnerability has been identified in the Markdown rendering functionality of versions 3.18.1 and prior of the VNote note-taking application. This vulnerability allows the injection and execution of arbitrary JavaScript code through which remote code execution can be achieved. A patch for this issue is available at commit f1af78573a0ef51d6ef6a0bc4080cddc8f30a545. Other mitigation strategies include implementing rigorous input sanitization for all Markdown content and utilizing a secure Markdown parser that appropriately escapes or strips potentially dangerous content. | |||||
CVE-2023-5701 | 1 Vnote Project | 1 Vnote | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
A vulnerability has been found in vnotex vnote up to 3.17.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Markdown File Handler. The manipulation with the input <xss onclick="alert(1)" style=display:block>Click here</xss> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243139. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2019-8419 | 1 Vnote Project | 1 Vnote | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
VNote 2.2 has XSS via a new text note. |