hmartos/cve-2020-35717

CVE-2020-35717

zonote allows XSS via crafted note, with resultant Remote Code Execution (because Node.js integration is enabled).
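
A defender-side check for the condition named above, as an added example that is not part of the original repository: it audits an Electron `webPreferences` object for settings that let script injected into rendered content reach Node.js APIs. The option names are Electron's own; both sample configurations are constructed, since zonote's actual settings are not shown on this page.

```javascript
// Added example: audit Electron BrowserWindow webPreferences for settings that
// turn an XSS in rendered content into code execution on the host.
// Only values set explicitly to the risky setting are reported; unset keys fall
// back to the defaults of whichever Electron version the app ships with.
const RULES = [
  { key: 'nodeIntegration', risky: true,
    why: 'page scripts can call require(), so injected script gets Node.js access' },
  { key: 'nodeIntegrationInWorker', risky: true,
    why: 'web workers started by the page get Node.js access' },
  { key: 'nodeIntegrationInSubFrames', risky: true,
    why: 'iframes and child windows get Node.js access' },
  { key: 'contextIsolation', risky: false,
    why: 'page scripts share a JavaScript context with the preload script' },
  { key: 'sandbox', risky: false,
    why: 'renderer process runs outside the Chromium sandbox' },
  { key: 'webSecurity', risky: false,
    why: 'same-origin policy is disabled in the renderer' },
];

function auditWebPreferences(prefs = {}) {
  const findings = [];
  for (const { key, risky, why } of RULES) {
    if (prefs[key] === risky) {
      findings.push({ key, value: prefs[key], why });
    }
  }
  return findings;
}

// Constructed sample: the kind of configuration the advisory describes.
const weakPrefs = { nodeIntegration: true, contextIsolation: false };

// Constructed sample: renderer locked down so XSS stays inside the page.
const hardenedPrefs = {
  nodeIntegration: false,
  contextIsolation: true,
  sandbox: true,
  webSecurity: true,
};

for (const [name, prefs] of [['weak', weakPrefs], ['hardened', hardenedPrefs]]) {
  const findings = auditWebPreferences(prefs);
  console.log(`${name}: ${findings.length} finding(s)`);
  for (const f of findings) console.log(`  ${f.key}=${f.value}: ${f.why}`);
}
```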

Steps to exploit the vulnerability

  • Download any affected zonote version
  • Open zonote app
  • Import xss-rce.znt in zonote via Menu > Open
  • Hover over the different links in imported notes

Disclosure Timeline

  • 2020-12-26 Issue discovered and owner contacted
  • 2020-12-26 Owner expresses his intention not to maintain the repository or fix the vulnerability
  • 2021-01-01 Public disclosure of the vulnerability

About

Showcase repository for CVE-2020-35717
