Znote 0.5.2 XSS Vulnerability Allows Immediate Code Execution on Markdown View Mode
CVE-2021-26834 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An attacker can insert payloads, and the code execution will happen immediately on markdown view mode.
Learn more about our Web Application Penetration Testing UK.