42 matches found
CVE-2026-42090
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in the note export flow can be escalated to remote code execution in the desktop app. The root cause is...
CVE-2026-42090
Notesnook exposes a stored XSS in the note export flow that can escalate to remote code execution in the desktop app. Root cause: exported fields (title, headline, content) are inserted into the HTML template without escaping, which is then rendered into a same-origin, unsandboxed iframe via ifra...
CVE-2026-42090 Notesnook: RCE via stored XSS in note export rendering
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in the note export flow can be escalated to remote code execution in the desktop app. The root cause is...
CVE-2026-42090
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in the note export flow can be escalated to remote code execution in the desktop app. The root cause is...
Notesnook 跨站脚本漏洞
Notesnook is an end-to-end encrypted note application developed by Streetwriters. Versions of Notesnook for Web/Desktop prior to 3.3.15, as well as versions for iOS/Android prior to 3.3.20, had a cross-site scripting vulnerability. This vulnerability stemmed from the lack of HTML escaping for...
CVE-2026-33978
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to version 3.3.17, a stored XSS vulnerability exists in the mobile share / web clip flow because attacker-controlled clip metadata is concatenated into HTML without escaping and then rendered with innerHTML inside the...
CVE-2026-33978
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to version 3.3.17, a stored XSS vulnerability exists in the mobile share / web clip flow because attacker-controlled clip metadata is concatenated into HTML without escaping and then rendered with innerHTML inside the...
CVE-2026-33978 Notesnook: Stored XSS in mobile share editor via unescaped web clip title metadata
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to version 3.3.17, a stored XSS vulnerability exists in the mobile share / web clip flow because attacker-controlled clip metadata is concatenated into HTML without escaping and then rendered with innerHTML inside the...
CVE-2026-33978 Notesnook: Stored XSS in mobile share editor via unescaped web clip title metadata
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to version 3.3.17, a stored XSS vulnerability exists in the mobile share / web clip flow because attacker-controlled clip metadata is concatenated into HTML without escaping and then rendered with innerHTML inside the...
CVE-2026-33978
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to version 3.3.17, a stored XSS vulnerability exists in the mobile share / web clip flow because attacker-controlled clip metadata is concatenated into HTML without escaping and then rendered with innerHTML inside the...
EUVD-2026-17962
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to version 3.3.17, a stored XSS vulnerability exists in the mobile share / web clip flow because attacker-controlled clip metadata is concatenated into HTML without escaping and then rendered with innerHTML inside the...
CVE-2026-33978
Notesnook prior to version 3.3.17 contains a stored XSS in the mobile share/web clip flow. Attacker-controlled clip metadata is concatenated into HTML and rendered with innerHTML in the mobile editor WebView, e.g., via shared title metadata (TITLE/SUBJECT) or link-preview title data, allowing inj...
Notesnook 跨站脚本漏洞
Notesnook is an end-to-end encrypted note application developed by Streetwriters. Versions of Notesnook prior to 3.3.17 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored-cross-site scripting in the mobile sharing or web clipping process. Attackers controlled t...
PT-2026-29568
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to version 3.3.17, a stored XSS vulnerability exists in the mobile share / web clip flow because attacker-controlled clip metadata is concatenated into HTML without escaping and then rendered with innerHTML inside the...
CVE-2026-33955
Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop, a cross-site scripting vulnerability stored in the note history comparison viewer can escalate to remote code execution in a desktop application. The issue is triggered when an attacker-controlled note header is displayed usi...
CVE-2026-33976
Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can be escalated to remote code execution in the desktop app. The root cause is that the clipper preserves attacker-controlled attributes from the sourc...
CVE-2026-33955 Notesnook vulnerable to RCE via stored XSS in Note History diff viewer
Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop, a cross-site scripting vulnerability stored in the note history comparison viewer can escalate to remote code execution in a desktop application. The issue is triggered when an attacker-controlled note header is displayed usi...
CVE-2026-33955 Notesnook vulnerable to RCE via stored XSS in Note History diff viewer
Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop, a cross-site scripting vulnerability stored in the note history comparison viewer can escalate to remote code execution in a desktop application. The issue is triggered when an attacker-controlled note header is displayed usi...
EUVD-2026-16872
Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop, a cross-site scripting vulnerability stored in the note history comparison viewer can escalate to remote code execution in a desktop application. The issue is triggered when an attacker-controlled note header is displayed usi...
CVE-2026-33955 Notesnook vulnerable to RCE via stored XSS in Note History diff viewer
Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop, a cross-site scripting vulnerability stored in the note history comparison viewer can escalate to remote code execution in a desktop application. The issue is triggered when an attacker-controlled note header is displayed usi...