PoC Released - CVE-2024-41662 Markdown XSS leads to RCE in VNote version <=3.18.1

Markdown XSS leads to RCE in VNote version <=3.18.1

Severity : High (8.6)

CVSS score : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Summary :

A Cross-Site Scripting (XSS) vulnerability was identified in the Markdown rendering functionality of the VNote note-taking application. This vulnerability allows the injection and execution of arbitrary JavaScript code, potentially leading to Remote Code Execution (RCE).

Credit: Shebu on X; https://x.com/_sh3bu

More below!

GitHub - sh3bu/CVE-2024-41662: Markdown XSS leads to RCE in VNote version <=3.18.1

Markdown XSS leads to RCE in VNote version <=3.18.1 - sh3bu/CVE-2024-41662

GitHubsh3bu