VNote is a note-taking platform. A Cross-Site Scripting (XSS) vulnerability has been identified in the Markdown rendering functionality of versions 3.18.1 and prior of the VNote note-taking application. This vulnerability allows the injection and execution of arbitrary JavaScript code through which remote code execution can be achieved. A patch for this issue is available at commit f1af78573a0ef51d6ef6a0bc4080cddc8f30a545. Other mitigation strategies include implementing rigorous input sanitization for all Markdown content and utilizing a secure Markdown parser that appropriately escapes or strips potentially dangerous content.
History

Thu, 03 Oct 2024 01:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Vnote Project; Vnote Project vnote
CPEs | | cpe:2.3:a:vnote_project:vnote:*:*:*:*:*:*:*:*
Vendors & Products | | Vnote Project; Vnote Project vnote

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-07-24T16:55:37.447Z

Updated: 2024-08-02T04:46:52.680Z

Reserved: 2024-07-18T15:21:47.483Z

Link: CVE-2024-41662

Vulnrichment

Updated: 2024-08-02T04:46:52.680Z

NVD

Status: Modified

Published: 2024-07-24T17:15:11.310

Modified: 2024-11-21T09:32:55.687

Link: CVE-2024-41662

Redhat

No data.