Lucene search
K

4 matches found

OSV
OSV
added 2026/04/01 4:11 p.m.4 views

CVE-2026-33978 Notesnook: Stored XSS in mobile share editor via unescaped web clip title metadata

Notesnook is a note-taking app focused on user privacy & ease of use. Prior to version 3.3.17, a stored XSS vulnerability exists in the mobile share / web clip flow because attacker-controlled clip metadata is concatenated into HTML without escaping and then rendered with innerHTML inside the...

5.4CVSS5.9AI score0.00286EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/04/01 4:11 p.m.29 views

CVE-2026-33978 Notesnook: Stored XSS in mobile share editor via unescaped web clip title metadata

Notesnook is a note-taking app focused on user privacy & ease of use. Prior to version 3.3.17, a stored XSS vulnerability exists in the mobile share / web clip flow because attacker-controlled clip metadata is concatenated into HTML without escaping and then rendered with innerHTML inside the...

5.4CVSS0.00286EPSS
Exploits1References3
CVE
CVE
added 2026/04/01 4:11 p.m.9 views

CVE-2026-33978

Notesnook prior to version 3.3.17 contains a stored XSS in the mobile share/web clip flow. Attacker-controlled clip metadata is concatenated into HTML and rendered with innerHTML in the mobile editor WebView, e.g., via shared title metadata (TITLE/SUBJECT) or link-preview title data, allowing inj...

6.1CVSS5.8AI score0.00286EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/01 4:11 p.m.9 views

CVE-2026-33978 Notesnook: Stored XSS in mobile share editor via unescaped web clip title metadata

Notesnook is a note-taking app focused on user privacy & ease of use. Prior to version 3.3.17, a stored XSS vulnerability exists in the mobile share / web clip flow because attacker-controlled clip metadata is concatenated into HTML without escaping and then rendered with innerHTML inside the...

5.4CVSS5.8AI score0.00286EPSS
Exploits1References3
Rows per page
Query Builder