Soulfoodisgood

**Name of the Vulnerable Software and Affected Versions** Codex versions prior to 1.4.0 **Description** A Cross Site Scripting (XSS) issue exists via the Notebook/Page name field, allowing malicious users to execute arbitrary code through a crafted http code in a .json file. **Recommendations** For versions prior to 1.4.0, update to version 1.4.0 or later to resolve the issue. As a temporary workaround, consider restricting user input in the Notebook/Page name field to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Znote version 0.5.2 Description: A cross-site scripting (XSS) vulnerability exists, allowing an attacker to insert payloads. The code execution will happen immediately on markdown view mode. Recommendations: For Znote version 0.5.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Zettlr version 1.8.7 Description: The issue is related to the lack of filtering of cross-site scripting (XSS) payloads in the markdown-editor, allowing attackers to perform remote code execution via a crafted file. Recommendations: For Zettlr version 1.8.7, update to a version that includes a fix for the XSS filtering issue in the markdown-editor to prevent remote code execution.