Closed
Description
Hello friend, we are the farmsec security team. We found a stored XSS vulnerability in VNote:
OS Version: Linux
VNote Version: VNote-2.2
Symptoms:
1. The app does not filter specific HTML tags, such as:
<img>
<iframe>
<video>
2. An attacker can execute a JavaScript script by using a malicious HTML tag.

How to Repro:
1. Install VNote for Linux
https://github.com/tamlok/vnote

2. Click New Note
Fill in the notebook name

Click OK.
3. New folder

Click OK.
4. New text note

5. Fill in the XSS vulnerability test payload
payload: <iframe src="javascript:alert('xss')">
6. Access note
Enter Ctrl+T

The code is executed in the browser
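
A defensive check for the symptom reported above, as an added example that is not part of the original issue or of VNote's code: it scans note text for HTML tags that carry event-handler attributes or script-scheme URLs, which is how the listed tags end up running code when the note is rendered. The function names, the attribute and scheme lists, and the sample note are constructed assumptions.

```python
from html.parser import HTMLParser

# Attributes that can hold a URL, and schemes that run script when loaded.
# Both lists are assumptions for this example; extend them for your renderer.
URL_ATTRS = {"src", "href", "data", "action", "formaction"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


def is_script_url(value):
    """True if the URL uses a script scheme, ignoring case and the
    whitespace/control characters that browsers drop from URLs."""
    cleaned = "".join(ch for ch in value if ch > " ").lower()
    return cleaned.startswith(SCRIPT_SCHEMES)


class NoteScanner(HTMLParser):
    """Collects (line, tag, reason) for markup that can execute script."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        line, _ = self.getpos()
        if tag == "script":
            self.findings.append((line, tag, "script element"))
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append((line, tag, f"event handler {name}"))
            elif name in URL_ATTRS and is_script_url(value or ""):
                self.findings.append((line, tag, f"script URL in {name}"))


def scan_note(text):
    """Return findings for one note's raw text (Markdown with inline HTML)."""
    scanner = NoteScanner()
    scanner.feed(text)
    scanner.close()
    return scanner.findings


# Constructed sample note: two benign tags, one event handler, and the
# payload quoted in the report as the last line.
NOTE = """# Meeting notes
A benign image: <img src="diagram.png" alt="diagram">
<video src="clip.mp4" controls></video>
<img src="missing.png" onerror="alert(1)">
<iframe src="javascript:alert('xss')">
"""

if __name__ == "__main__":
    for line, tag, reason in scan_note(NOTE):
        print(f"line {line}: <{tag}> {reason}")
```

A scan like this only finds risky notes already on disk; the renderer still has to sanitize or sandbox HTML before display.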