Vnote
Monthly
Cross-site scripting in vnotex vnote up to version 3.20.1 allows a remote attacker with low-level privileges to inject malicious scripts via the YAML frontmatter `p_metaData` argument processed by `/src/data/extra/web/js/markdownit.js`. When a victim views or renders a specially crafted note containing malicious YAML metadata, the injected script executes in their browser context, enabling limited integrity manipulation. No patch is available at time of analysis - the vendor did not respond to responsible disclosure contact - and exploit code is publicly referenced via VulDB.
VNote is a note-taking platform. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
A vulnerability has been found in vnotex vnote up to 3.17.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
VNote 2.2 has XSS via a new text note. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Cross-site scripting in vnotex vnote up to version 3.20.1 allows a remote attacker with low-level privileges to inject malicious scripts via the YAML frontmatter `p_metaData` argument processed by `/src/data/extra/web/js/markdownit.js`. When a victim views or renders a specially crafted note containing malicious YAML metadata, the injected script executes in their browser context, enabling limited integrity manipulation. No patch is available at time of analysis - the vendor did not respond to responsible disclosure contact - and exploit code is publicly referenced via VulDB.
VNote is a note-taking platform. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
A vulnerability has been found in vnotex vnote up to 3.17.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
VNote 2.2 has XSS via a new text note. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.