Skip to main content

Vnote

4 CVEs product

Monthly

CVE-2026-15505 LOW Monitor

Cross-site scripting in vnotex vnote up to version 3.20.1 allows a remote attacker with low-level privileges to inject malicious scripts via the YAML frontmatter `p_metaData` argument processed by `/src/data/extra/web/js/markdownit.js`. When a victim views or renders a specially crafted note containing malicious YAML metadata, the injected script executes in their browser context, enabling limited integrity manipulation. No patch is available at time of analysis - the vendor did not respond to responsible disclosure contact - and exploit code is publicly referenced via VulDB.

XSS Vnote
NVD VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2024-41662 CRITICAL POC PATCH Act Now

VNote is a note-taking platform. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS Vnote
NVD GitHub
CVSS 3.1
9.6
EPSS
1.7%
CVE-2023-5701 MEDIUM POC This Month

A vulnerability has been found in vnotex vnote up to 3.17.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vnote
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-8419 MEDIUM POC This Month

VNote 2.2 has XSS via a new text note. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vnote
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
EPSS 0% CVSS 2.0
LOW Monitor

Cross-site scripting in vnotex vnote up to version 3.20.1 allows a remote attacker with low-level privileges to inject malicious scripts via the YAML frontmatter `p_metaData` argument processed by `/src/data/extra/web/js/markdownit.js`. When a victim views or renders a specially crafted note containing malicious YAML metadata, the injected script executes in their browser context, enabling limited integrity manipulation. No patch is available at time of analysis - the vendor did not respond to responsible disclosure contact - and exploit code is publicly referenced via VulDB.

XSS Vnote
NVD VulDB
EPSS 2% CVSS 9.6
CRITICAL POC PATCH Act Now

VNote is a note-taking platform. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS Vnote
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

A vulnerability has been found in vnotex vnote up to 3.17.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vnote
NVD GitHub VulDB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

VNote 2.2 has XSS via a new text note. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vnote
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy