8 matches found
CVE-2026-42090
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in the note export flow can be escalated to remote code execution in the desktop app. The root cause is...
CVE-2026-42090 Notesnook: RCE via stored XSS in note export rendering
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in the note export flow can be escalated to remote code execution in the desktop app. The root cause is...
CVE-2026-42090
Notesnook exposes a stored XSS in the note export flow that can escalate to remote code execution in the desktop app. Root cause: exported fields (title, headline, content) are inserted into the HTML template without escaping, which is then rendered into a same-origin, unsandboxed iframe via ifra...
EUVD-2026-27019
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in the note export flow can be escalated to remote code execution in the desktop app. The root cause is...
CVE-2026-42090
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in the note export flow can be escalated to remote code execution in the desktop app. The root cause is...
CVE-2026-42090 Notesnook: RCE via stored XSS in note export rendering
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in the note export flow can be escalated to remote code execution in the desktop app. The root cause is...
Notesnook 跨站脚本漏洞
Notesnook is an end-to-end encrypted note application developed by Streetwriters. Versions of Notesnook for Web/Desktop prior to 3.3.15, as well as versions for iOS/Android prior to 3.3.20, had a cross-site scripting vulnerability. This vulnerability stemmed from the lack of HTML escaping for...
PT-2026-36859
Name of the Vulnerable Software and Affected Versions Notesnook Web/Desktop versions prior to 3.3.15 Notesnook iOS/Android versions prior to 3.3.20 Description A stored Cross-Site Scripting XSS issue exists in the note export flow. The problem occurs because exported note fields, including title,...