Skip to content

hmartos/cve-2020-35717

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 

Repository files navigation

CVE-2020–35717

zonote allows XSS via crafted note, with resultant Remote Code Execution (because Node.js integration is enabled).

Steps to exploit the vulnerability

  • Download any zonote affected version
  • Open zonote app
  • Import xss-rce.znt in zonote via Menu > Open
  • Hover over the different links in imported notes

Disclosure Timeline

  • 2020-12-26 Issue discovered and contact with the owner
  • 2020-12-26 Owner express his intention of not maintaining the repository nor fixing the vulnerability
  • 2021-01-01 Public disclosure of the vulnerability

About

Showcase repository for CVE-2020-35717

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published