Impact
Note Mark allows an authenticated user to upload any file as a note asset. In versions 0.19.1 and earlier, the asset delivery handler serves uploaded files inline and relies solely on magic-byte detection to determine the MIME type. Magic-byte detection does not recognise text-based formats such as HTML, SVG, or XHTML, so these files are served with an empty Content-Type header, without an X-Content-Type-Options: nosniff header, and with an inline Content-Disposition. Modern browsers therefore sniff the body and render it, allowing embedded scripts to execute. An attacker can thus upload a malicious HTML or SVG file containing JavaScript; when a victim visits the asset's URL, the script runs in the origin of the Note Mark application, giving the attacker access to the victim's authenticated session and the ability to perform API actions on their behalf, effectively compromising confidentiality, integrity, and availability for that user.
Affected Systems
The vulnerability is present only in the open-source Note Mark notebook application produced by the CNA enchant97:note-mark. It applies to all releases up to and including 0.19.1. The fix was released in version 0.19.2, which stops serving uploaded files inline and properly validates content types.
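The two sections above describe both the flaw (sniff-based type detection plus inline delivery) and the shape of the fix (no inline serving, validated content types). The following Go handler is an added illustration of that fix, not Note Mark's own code: `serveAsset`, `deliveryHeaders`, the allowlist and the sample uploads are all hypothetical, and sniffing is used only to confirm an allowlisted image type, never to decide that a file may be rendered.

```go
package main

import (
	"fmt"
	"mime"
	"net/http"
	"net/http/httptest"
)

// Constructed sample uploads (not real Note Mark assets): a PNG header, an HTML
// document and an SVG document; the last two carry a script element.
var (
	pngAsset  = []byte("\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR")
	htmlAsset = []byte("<html><body><script>/* would run in the app origin */</script></body></html>")
	svgAsset  = []byte(`<svg xmlns="http://www.w3.org/2000/svg"><script>/* same */</script></svg>`)
)
// inlineSafe is an allowlist of sniffed types that may be rendered inline;
// everything else (HTML, SVG, XHTML, plain text, unknown) becomes a download.
var inlineSafe = map[string]bool{
	"image/png": true, "image/jpeg": true, "image/gif": true, "image/webp": true,
}

// serveAsset is a hypothetical hardened delivery handler, not the project's code.
// Sniffing only confirms an allowlisted image type; it never decides to render.
func serveAsset(w http.ResponseWriter, name string, data []byte) {
	ctype, _, _ := mime.ParseMediaType(http.DetectContentType(data)) // drop charset
	disposition := "inline"
	if !inlineSafe[ctype] {
		disposition, ctype = "attachment", "application/octet-stream"
	}
	h := w.Header()
	h.Set("X-Content-Type-Options", "nosniff") // always, so the browser never sniffs
	h.Set("Content-Type", ctype)
	// FormatMediaType quotes/encodes the filename so a crafted name cannot inject parameters.
	h.Set("Content-Disposition", mime.FormatMediaType(disposition, map[string]string{"filename": name}))
	w.WriteHeader(http.StatusOK)
	w.Write(data)
}

// deliveryHeaders runs serveAsset through a recorder and returns the response headers.
func deliveryHeaders(name string, data []byte) http.Header {
	rec := httptest.NewRecorder()
	serveAsset(rec, name, data)
	return rec.Result().Header
}
func main() {
	for name, data := range map[string][]byte{"img.png": pngAsset, "page.html": htmlAsset, "icon.svg": svgAsset} {
		h := deliveryHeaders(name, data)
		fmt.Printf("%-10s %-26s %s\n", name, h.Get("Content-Type"), h.Get("Content-Disposition"))
	}
}
```

Note that Go's `http.DetectContentType` classifies the SVG sample as plain text, not as an image, which is exactly why the decision to render must come from an allowlist rather than from whatever the sniffer reports.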
Risk and Exploitability
The CVSS base score of 8.7 indicates high severity for this cross-site scripting issue. There is no EPSS data available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires an authenticated user with upload privileges to place the malicious file and a victim who subsequently opens that asset URL. While upload access is not open to the entire internet, it is typically available to regular users within the application, so an attacker with that capability can easily compromise other users who view the malicious note.
OpenCVE Enrichment