CVE-2024-41662

24 Jul 2024

Título es

CVE-2024-41662

Mié, 24/07/2024 – 17:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-41662

Descripción en

VNote is a note-taking platform. A Cross-Site Scripting (XSS) vulnerability has been identified in the Markdown rendering functionality of versions 3.18.1 and prior of the VNote note-taking application. This vulnerability allows the injection and execution of arbitrary JavaScript code through which remote code execution can be achieved. A patch for this issue is available at commit f1af78573a0ef51d6ef6a0bc4080cddc8f30a545. Other mitigation strategies include implementing rigorous input sanitization for all Markdown content and utilizing a secure Markdown parser that appropriately escapes or strips potentially dangerous content.

24/07/2024

Vector CVSS:3.1

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

8.60

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://github.com/vnotex/vnote/commit/f1af78573a0ef51d6ef6a0bc4080cddc8f30a545

https://github.com/vnotex/vnote/security/advisories/GHSA-w655-h68w-vxxc

Enviar en el boletín

Off

CVE-2024-41662

CVE-2024-41662

Jose Alexis Correa Valencia