Description
An XSS vulnerability exists that leads to arbitrary code execution.
Version
v1.0.4
Tested on: Linux
To reproduce
Steps to reproduce the behavior:
1. Create a new project
2. Create a new Note with the value:
   <img src="asdf" onerror="var os = require('os'); var hostname = os.platform(); var homedir = os.homedir(); alert('Host:' + hostname + 'directory: ' + homedir);">
3. See the popup
Expected behavior
This cross-site scripting vulnerability allows an attacker to execute arbitrary code on the victim's machine by creating a malicious note. In the worst case, this will lead to a reverse shell. I am not going to paste the code for the reverse shell here for obvious reasons.
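One way to close the hole described in the report above, as an added example that is not part of the original report or the project's code: escape the note text before it reaches the page, so the reported value is displayed as text instead of becoming an element. The function names are hypothetical, and the Electron `webPreferences` object assumes the app is an Electron renderer with Node integration enabled, which the working `require('os')` call in the reported note implies.

```javascript
// Note value from the report, copied verbatim as test input.
const PAYLOAD = `<img src="asdf" onerror="var os = require('os'); var hostname = os.platform(); var homedir = os.homedir(); alert('Host:' + hostname + 'directory: ' + homedir);">`;

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Single-pass escape of the five characters that can open markup or break
// out of a quoted attribute. One pass means '&' is never double-escaped.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": note text is concatenated into markup, so it is parsed as HTML
// and its onerror handler runs in the renderer. (Hypothetical renderer.)
function renderNoteUnsafe(noteText) {
  return '<div class="note">' + noteText + '</div>';
}

// "After": the same renderer with the note text escaped. When writing to
// the DOM directly, assigning element.textContent achieves the same result.
function renderNote(noteText) {
  return '<div class="note">' + escapeHtml(noteText) + '</div>';
}

// Count element start tags, to check that nothing from the note became an
// element. Closing tags such as </div> are not counted.
function countTags(markup) {
  return (markup.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Defence in depth (assumes Electron): with these BrowserWindow
// webPreferences, page script has no require(), so an injection that slips
// through stays a browser-level XSS instead of reaching the os module.
const hardenedWebPreferences = {
  nodeIntegration: false,
  contextIsolation: true,
  sandbox: true,
};

console.log('unsafe tags:', countTags(renderNoteUnsafe(PAYLOAD))); // div + img
console.log('safe tags:  ', countTags(renderNote(PAYLOAD)));       // div only
console.log(renderNote(PAYLOAD));
```

Escaping fixes the injection itself; the `webPreferences` settings limit the impact of any similar bug elsewhere in the renderer.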