11 matches found
PT-2026-57920
Name of the Vulnerable Software and Affected Versions HedgeDoc versions prior to 1.11.0 Description The GitHub Gist export flow fails to properly validate the OAuth2 state value, checking only for its presence instead of verifying it against the user session. This allows an attacker to forge a...
CVE-2026-42090
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in the note export flow can be escalated to remote code execution in the desktop app. The root cause is...
CVE-2026-42090
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in the note export flow can be escalated to remote code execution in the desktop app. The root cause is...
CVE-2026-42090 Notesnook: RCE via stored XSS in note export rendering
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in the note export flow can be escalated to remote code execution in the desktop app. The root cause is...
CVE-2026-42090 Notesnook: RCE via stored XSS in note export rendering
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in the note export flow can be escalated to remote code execution in the desktop app. The root cause is...
CVE-2026-42090
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in the note export flow can be escalated to remote code execution in the desktop app. The root cause is...
CVE-2026-42090
Notesnook exposes a stored XSS in the note export flow that can escalate to remote code execution in the desktop app. Root cause: exported fields (title, headline, content) are inserted into the HTML template without escaping, which is then rendered into a same-origin, unsandboxed iframe via ifra...
EUVD-2026-27019
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in the note export flow can be escalated to remote code execution in the desktop app. The root cause is...
CVE-2026-42090 Notesnook: RCE via stored XSS in note export rendering
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in the note export flow can be escalated to remote code execution in the desktop app. The root cause is...
Notesnook 跨站脚本漏洞
Notesnook is an end-to-end encrypted note application developed by Streetwriters. Versions of Notesnook for Web/Desktop prior to 3.3.15, as well as versions for iOS/Android prior to 3.3.20, had a cross-site scripting vulnerability. This vulnerability stemmed from the lack of HTML escaping for...
PT-2026-36859
Name of the Vulnerable Software and Affected Versions Notesnook Web/Desktop versions prior to 3.3.15 Notesnook iOS/Android versions prior to 3.3.20 Description A stored Cross-Site Scripting XSS issue exists in the note export flow. The problem occurs because exported note fields, including title,...