Home > Vulnerability Database > CVE-2024-41662

Mend.io Vulnerability Database

CVE-2024-41662

Good to know:

Date: July 24, 2024

VNote is a note-taking platform. A Cross-Site Scripting (XSS) vulnerability has been identified in the Markdown rendering functionality of versions 3.18.1 and prior of the VNote note-taking application. This vulnerability allows the injection and execution of arbitrary JavaScript code through which remote code execution can be achieved. A patch for this issue is available at commit f1af78573a0ef51d6ef6a0bc4080cddc8f30a545. Other mitigation strategies include implementing rigorous input sanitization for all Markdown content and utilizing a secure Markdown parser that appropriately escapes or strips potentially dangerous content.

Language: JS

Severity Score

8.6

Related Resources (4)

Url: https://github.com/vnotex/vnote/commit/f1af78573a0ef51d6ef6a0bc4080cddc8f30a545

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-41662

Url: https://github.com/vnotex/vnote/security/advisories/GHSA-w655-h68w-vxxc

Url: https://www.mend.io/vulnerability-database/CVE-2024-41662

Severity Score

8.6

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version f1af78573a0ef51d6ef6a0bc4080cddc8f30a545

Learn More

CVSS v3.1

Base Score:	8.6
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-41662

Good to know:

Date: July 24, 2024

Language: JS

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?