Znote 0.5.2 XSS Vulnerability Allows Immediate Code Execution on Markdown View Mode

Znote 0.5.2 XSS Vulnerability Allows Immediate Code Execution on Markdown View Mode

CVE-2021-26834 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An attacker can insert payloads, and the code execution will happen immediately on markdown view mode.

Learn more about our Web Application Penetration Testing UK.