MidnightBSD

Advisories for znote

CVE-2021-26834 LOW

A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An attacker can insert payloads, and the code execution will happen immediately on markdown view mode.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
znote znote 0.5.2
CVE-2022-4614

Cross-site Scripting (XSS) - Stored in GitHub repository alagrede/znote-app prior to 1.7.11.

Products Affected

Vendor Product Version
znote znote *