Description
An XSS vulnerability exists that leads to arbitrary code execution.
Version
v1.0.4
Tested on: Linux
To reproduce
Steps to reproduce the behavior:
1. Create a new project
2. Create a new Note with the value:
   <img src="asdf" onerror="var os = require('os'); var hostname = os.platform(); var homedir = os.homedir(); alert('Host:' + hostname + 'directory: ' + homedir);">
3. See the popup
Expected behavior
This cross-site scripting vulnerability allows an attacker to execute arbitrary code on the victim's machine by creating a malicious note. In the worst case, this will lead to a reverse shell. I am not going to paste the code for the reverse shell here for obvious reasons.
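One way to close the hole described in this report, as an added example that is not code from the project or from the reporter: render the note value as escaped text, and remove Node access from the renderer so injected script cannot reach `require`. It assumes the app is an Electron renderer with Node integration enabled (inferred from `require('os')` working inside the handler); all function and constant names are hypothetical.

```javascript
// Added example: defensive rendering for user-supplied note text.
// escapeHtml, renderNote, HARDENED_WEB_PREFERENCES and NOTE_CSP are
// hypothetical names, not taken from the project.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode every character that can open a tag, attribute or entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build note markup with the value as inert text, never as markup.
function renderNote(noteValue) {
  return '<div class="note">' + escapeHtml(noteValue) + '</div>';
}

// Assumption: the app is an Electron renderer. These are real Electron
// webPreferences keys; with them, page script has no require().
const HARDENED_WEB_PREFERENCES = {
  nodeIntegration: false,
  contextIsolation: true,
  sandbox: true,
};

// A CSP without 'unsafe-inline' blocks inline handlers such as onerror.
const NOTE_CSP = "default-src 'self'; script-src 'self'; object-src 'none'";

// Constructed sample: the note value from the report above.
const reportedNote =
  '<img src="asdf" onerror="var os = require(\'os\'); ' +
  'var hostname = os.platform(); var homedir = os.homedir(); ' +
  "alert('Host:' + hostname + 'directory: ' + homedir);\">";

// Returns the markup that would be inserted for the reported note.
function demo() {
  return renderNote(reportedNote);
}

console.log(demo());
```

Escaping alone fixes the injection; the `webPreferences` and CSP settings are defense in depth, so that a future rendering bug is limited to script in the page rather than code execution on the host.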