CVE-2026-33978 Notesnook: Stored XSS in mobile share editor via unescaped web clip title metadata

Notesnook is a note-taking app focused on user privacy & ease of use. Prior to version 3.3.17, a stored XSS vulnerability exists in the mobile share / web clip flow because attacker-controlled clip metadata is concatenated into HTML without escaping and then rendered with innerHTML inside the...