Note Mark has a stored XSS in the note link href attribute
CVE-2024-41819

5.4MEDIUM

Key Information:

Vendor: Enchant97
Status: Note-mark
Vendor: CVE Published:; 29 July 2024

What is CVE-2024-41819?

Note Mark is a web-based Markdown notes app. A stored cross-site scripting (XSS) vulnerability in Note Mark allows attackers to execute arbitrary web scripts via a crafted payload injected into the URL value of a link in the markdown content. This vulnerability is fixed in 0.13.1.

Affected Version(s)

note-mark <= 0.13.0

References

https://github.com/enchant97/note-mark/security/advisorie...

x_refsource_CONFIRM

https://github.com/enchant97/note-mark/commit/a0997facb82...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 29, 2024

CVE-2024-41819 Data

JSON

Enchant97

What is CVE-2024-41819?

Affected Version(s)

References

CVSS V3.1

Timeline