RSS   Vulnerabilities for 'Notable'   RSS

2022-03-27
 
CVE-2022-26198

CWE-94
 

 
Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field.

 
2020-12-10
 
CVE-2020-16608

CWE-79
 

 
Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true).

 


Copyright 2024, cxsecurity.com

 

Back to Top