Markdown XSS leads to RCE in VNote version <=3.18.1
Severity: High (8.6)
CVSS score: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary:
A Cross-Site Scripting (XSS) vulnerability was identified in the Markdown rendering functionality of the VNote note-taking application. This vulnerability allows the injection and execution of arbitrary JavaScript code, potentially leading to Remote Code Execution (RCE).
Credit: Shebu on X; https://x.com/_sh3bu
More below!