Vulnerability Description
VNote is a note-taking platform. A Cross-Site Scripting (XSS) vulnerability has been identified in the Markdown rendering functionality of versions 3.18.1 and prior of the VNote note-taking application. This vulnerability allows the injection and execution of arbitrary JavaScript code through which remote code execution can be achieved. A patch for this issue is available at commit f1af78573a0ef51d6ef6a0bc4080cddc8f30a545. Other mitigation strategies include implementing rigorous input sanitization for all Markdown content and utilizing a secure Markdown parser that appropriately escapes or strips potentially dangerous content.
CVSS Score
8.6 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vnote Project | Vnote | <= 3.18.1 |
Related Weaknesses (CWE)
References
- https://github.com/vnotex/vnote/commit/f1af78573a0ef51d6ef6a0bc4080cddc8f30a545 (Patch)
- https://github.com/vnotex/vnote/security/advisories/GHSA-w655-h68w-vxxc (Exploit, Third Party Advisory)
FAQ
What is CVE-2024-41662?
CVE-2024-41662 is a vulnerability with a CVSS score of 8.6 (HIGH). VNote is a note-taking platform. A Cross-Site Scripting (XSS) vulnerability has been identified in the Markdown rendering functionality of versions 3.18.1 and prior of the VNote note-taking applicatio...
How severe is CVE-2024-41662?
CVE-2024-41662 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-41662?
Check the references section above for vendor advisories and patch information. Affected products include: Vnote Project Vnote.