CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-41662

VNote is a note-taking platform. A Cross-Site Scripting (XSS) vulnerability has been identified in the Markdown rendering functionality of versions 3.18.1 and prior of the VNote note-taking application. This vulnerability allows the injection and execution of arbitrary JavaScript code through which remote code execution can be achieved. A patch for this issue is available at commit f1af78573a0ef51d6ef6a0bc4080cddc8f30a545. Other mitigation strategies include implementing rigorous input sanitization for all Markdown content and utilizing a secure Markdown parser that appropriately escapes or strips potentially dangerous content.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.04

EPSS Ranking 88.0%

CVSS Severity

CVSS v3 Score 8.6

References

Products affected by CVE-2024-41662

Vnote Project » Vnote » Version: 1.0

cpe:2.3:a:vnote_project:vnote:1.0
Vnote Project » Vnote » Version: 1.1

cpe:2.3:a:vnote_project:vnote:1.1
Vnote Project » Vnote » Version: 1.10

cpe:2.3:a:vnote_project:vnote:1.10
Vnote Project » Vnote » Version: 1.11

cpe:2.3:a:vnote_project:vnote:1.11
Vnote Project » Vnote » Version: 1.11.1

cpe:2.3:a:vnote_project:vnote:1.11.1
Vnote Project » Vnote » Version: 1.12

cpe:2.3:a:vnote_project:vnote:1.12
Vnote Project » Vnote » Version: 1.13

cpe:2.3:a:vnote_project:vnote:1.13
Vnote Project » Vnote » Version: 1.14

cpe:2.3:a:vnote_project:vnote:1.14
Vnote Project » Vnote » Version: 1.15

cpe:2.3:a:vnote_project:vnote:1.15
Vnote Project » Vnote » Version: 1.16

cpe:2.3:a:vnote_project:vnote:1.16
Vnote Project » Vnote » Version: 1.17

cpe:2.3:a:vnote_project:vnote:1.17
Vnote Project » Vnote » Version: 1.18

cpe:2.3:a:vnote_project:vnote:1.18
Vnote Project » Vnote » Version: 1.19

cpe:2.3:a:vnote_project:vnote:1.19
Vnote Project » Vnote » Version: 1.2

cpe:2.3:a:vnote_project:vnote:1.2
Vnote Project » Vnote » Version: 1.20

cpe:2.3:a:vnote_project:vnote:1.20
Vnote Project » Vnote » Version: 1.21

cpe:2.3:a:vnote_project:vnote:1.21
Vnote Project » Vnote » Version: 1.22

cpe:2.3:a:vnote_project:vnote:1.22
Vnote Project » Vnote » Version: 1.3

cpe:2.3:a:vnote_project:vnote:1.3
Vnote Project » Vnote » Version: 1.4

cpe:2.3:a:vnote_project:vnote:1.4
Vnote Project » Vnote » Version: 1.5

cpe:2.3:a:vnote_project:vnote:1.5
Vnote Project » Vnote » Version: 1.6

cpe:2.3:a:vnote_project:vnote:1.6
Vnote Project » Vnote » Version: 1.7

cpe:2.3:a:vnote_project:vnote:1.7
Vnote Project » Vnote » Version: 1.8

cpe:2.3:a:vnote_project:vnote:1.8
Vnote Project » Vnote » Version: 1.9

cpe:2.3:a:vnote_project:vnote:1.9
Vnote Project » Vnote » Version: 2.0

cpe:2.3:a:vnote_project:vnote:2.0
Vnote Project » Vnote » Version: 2.1

cpe:2.3:a:vnote_project:vnote:2.1
Vnote Project » Vnote » Version: 2.2

cpe:2.3:a:vnote_project:vnote:2.2
Vnote Project » Vnote » Version: 2.3

cpe:2.3:a:vnote_project:vnote:2.3
Vnote Project » Vnote » Version: 2.4

cpe:2.3:a:vnote_project:vnote:2.4
Vnote Project » Vnote » Version: 2.5

cpe:2.3:a:vnote_project:vnote:2.5
Vnote Project » Vnote » Version: 2.6

cpe:2.3:a:vnote_project:vnote:2.6
Vnote Project » Vnote » Version: 2.7

cpe:2.3:a:vnote_project:vnote:2.7
Vnote Project » Vnote » Version: 2.7.1

cpe:2.3:a:vnote_project:vnote:2.7.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-41662

Products

Pricing

Contact Us