42 matches found

Cvelist
added 2022/09/30 4:18 p.m. · 10 views

CVE-2022-40274

Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled...

8 AI score · 0.0025 EPSS
Exploits: 1 · References: 2
CVE
added 2022/09/30 4:18 p.m. · 41 views

CVE-2022-40274

CVE-2022-40274 affects Gridea 0.9.3. The root cause is the application running with nodeIntegration enabled, allowing an attacker to remotely execute arbitrary code when a user views a malicious Markdown file. Impact is described as high in multiple sources. The documentation does not indicate a ...

7.8 CVSS · 7.8 AI score · 0.0025 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Positive Technologies
added 2022/09/30 12:0 a.m. · 1 view

PT-2022-25313 · Gridea · Gridea

Name of the Vulnerable Software and Affected Versions: Gridea version 0.9.3 Description: The issue allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the...

7.8 CVSS · 7.7 AI score · 0.0025 EPSS
Exploits: 1 · References: 6
NVD
added 2022/05/20 12:15 p.m. · 8 views

CVE-2022-25224

Proton v0.2.0 allows an attacker to create a malicious link inside a markdown file. When the victim clicks the link, the application opens the site in the current frame allowing an attacker to host JavaScript code in the malicious link in order to trigger an XSS attack. The 'nodeIntegration'...

5.4 CVSS · 0.00337 EPSS
Exploits: 1 · References: 1
OSV
added 2022/05/14 3:6 a.m. · 13 views

GHSA-M6MF-HMRH-PH4J Joplin Vulnerable to Cross-site Scripting in Note Content

Joplin version prior to 1.0.90 contains a Cross-site Scripting (XSS) evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in Note content field - information on the fix can be found here...

6.1 CVSS · 6.2 AI score · 0.00462 EPSS
Exploits: 1 · References: 4
Github Security Blog
added 2022/05/14 3:6 a.m. · 14 views

Joplin Vulnerable to Cross-site Scripting in Note Content

Joplin version prior to 1.0.90 contains a Cross-site Scripting (XSS) evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in Note content field - information on the fix can be found here...

6.1 CVSS · 5.9 AI score · 0.00462 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
Prion
added 2021/01/01 10:15 a.m. · 15 views

Design/Logic Flaw

zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution because nodeIntegration in webPreferences is true...

3.5 CVSS · 8.7 AI score · 0.06143 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
NVD
added 2020/12/10 11:15 p.m. · 11 views

CVE-2020-16608

Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution because nodeIntegration in webPreferences is true...

9.6 CVSS · 9.3 AI score · 0.03852 EPSS
Exploits: 1 · References: 2
Hacker One
added 2020/05/13 6:44 p.m. · 115 views

PlayStation: Websites Can Run Arbitrary Code on Machines Running the 'PlayStation Now' Application

Summary: The PlayStation Now application version 11.0.2 is vulnerable to remote code execution (RCE). Any website loaded in any browser on the same machine can run arbitrary code on the machine through a vulnerable websocket connection. 1. The local websocket server at localhost:1235 does not check...

0.1 AI score
Exploits: 0
NVD
added 2020/02/03 5:15 p.m. · 8 views

CVE-2020-8548

massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution because nodeIntegration in webPreferences is true...

6.1 CVSS · 6.6 AI score · 0.00819 EPSS
Exploits: 1 · References: 2
OSV
added 2020/02/03 5:15 p.m. · 10 views

CVE-2020-8548

massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution because nodeIntegration in webPreferences is true...

6.1 CVSS · 6.8 AI score
Exploits: 0 · References: 2
Cvelist
added 2020/02/03 4:32 p.m. · 12 views

CVE-2020-8548

massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution because nodeIntegration in webPreferences is true...

6.6 AI score · 0.00819 EPSS
Exploits: 1 · References: 2
OSV
added 2018/06/26 4:29 p.m. · 12 views

CVE-2018-1000536

Medis version 0.6.1 and earlier contains a XSS vulnerability evolving into code execution due to enabled nodeIntegration for the renderer process vulnerability in Key name parameter on new key creation that can result in Unauthorized code execution in the victim's machine, within the rights of th...

6.1 CVSS · 6.4 AI score
Exploits: 0 · References: 1
NVD
added 2018/06/26 4:29 p.m. · 14 views

CVE-2018-1000536

Medis version 0.6.1 and earlier contains a XSS vulnerability evolving into code execution due to enabled nodeIntegration for the renderer process vulnerability in Key name parameter on new key creation that can result in Unauthorized code execution in the victim's machine, within the rights of th...

6.1 CVSS · 6.4 AI score · 0.00427 EPSS
Exploits: 1 · References: 1
Prion
added 2018/06/26 4:29 p.m. · 7 views

Cross site scripting

Medis version 0.6.1 and earlier contains a XSS vulnerability evolving into code execution due to enabled nodeIntegration for the renderer process vulnerability in Key name parameter on new key creation that can result in Unauthorized code execution in the victim's machine, within the rights of th...

4.3 CVSS · 6.4 AI score · 0.00427 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Cvelist
added 2018/06/26 4:0 p.m. · 11 views

CVE-2018-1000534

Joplin version prior to 1.0.90 contains a XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in Note content field - information on the fix can be found here...

6.4 AI score · 0.00462 EPSS
Exploits: 1 · References: 2
Cvelist
added 2018/06/26 4:0 p.m. · 11 views

CVE-2018-1000536

Medis version 0.6.1 and earlier contains a XSS vulnerability evolving into code execution due to enabled nodeIntegration for the renderer process vulnerability in Key name parameter on new key creation that can result in Unauthorized code execution in the victim's machine, within the rights of th...

6.4 AI score · 0.00427 EPSS
Exploits: 1 · References: 1
Check Point Advisories
added 2018/05/15 12:0 a.m. · 2 views

Electron NodeIntegration Remote Code Execution (CVE-2018-1000136)

A remote code execution vulnerability exists in Electron. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.8 CVSS · 5.7 AI score · 0.01407 EPSS
Exploits: 1
Veracode
added 2017/09/21 8:52 p.m. · 14 views

Remote Code Execution (RCE)

Electron.js is vulnerable to remote code execution (RCE). GitHub Electron has nodeIntegration enabled by default allowing JavaScript to access operating system primitives. This affects all applications that bundle Electron...

8.1 CVSS · 8.5 AI score · 0.02336 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
NVD
added 2017/08/06 2:29 a.m. · 10 views

CVE-2017-12581

GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy (SOP) is a precondition; however, recent Electron versions do...

9.3 CVSS · 8.4 AI score · 0.02336 EPSS
Exploits: 1 · References: 2