PT-2020-14875 · Notable · Notable

Published: 2020-12-10 · Updated: 2020-12-11 · CVE-2020-16608

CVSS v3.1: 9.6 (Critical)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Notable version 1.8.4

Description: The issue allows XSS via crafted Markdown text, resulting in remote code execution because nodeIntegration in webPreferences is set to true.

Recommendations: For version 1.8.4, consider disabling nodeIntegration in webPreferences to prevent remote code execution until a patch is available. Restrict the use of crafted Markdown text to minimize the risk of exploitation.
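
One way to check an Electron app for the setting named in the recommendation, as an added example (not code from Notable or from this advisory). The function names, rule list and sample object are assumptions made for illustration; the keys are standard Electron webPreferences options.

```javascript
// Added example: audit an Electron BrowserWindow `webPreferences` object for
// settings that turn script injection in the renderer (such as XSS from
// rendered Markdown) into code execution on the host.
// RULES, the function names and SAMPLE_PREFS are constructed for illustration.
const RULES = [
  { key: 'nodeIntegration', risky: true,
    why: 'renderer script can call require() and reach the OS' },
  { key: 'nodeIntegrationInWorker', risky: true,
    why: 'web workers get Node.js APIs' },
  { key: 'nodeIntegrationInSubFrames', risky: true,
    why: 'iframes and child windows get Node.js APIs' },
  { key: 'contextIsolation', risky: false,
    why: 'page script shares a JavaScript context with preload code' },
  { key: 'sandbox', risky: false,
    why: 'renderer runs without the Chromium OS-level sandbox' },
  { key: 'webSecurity', risky: false,
    why: 'same-origin policy is disabled' },
];

// Return one finding per option that is explicitly set to its risky value.
// Unset options are not flagged, because defaults differ between Electron
// versions and must be checked against the version actually shipped.
function auditWebPreferences(prefs = {}) {
  return RULES
    .filter((rule) => prefs[rule.key] === rule.risky)
    .map((rule) => ({ key: rule.key, value: rule.risky, why: rule.why }));
}

// Return a copy with every flagged option flipped to its safe value and
// nodeIntegration pinned to false, so the result does not rely on defaults.
function hardenWebPreferences(prefs = {}) {
  const hardened = { ...prefs, nodeIntegration: false };
  for (const finding of auditWebPreferences(prefs)) {
    hardened[finding.key] = !finding.value;
  }
  return hardened;
}

// Constructed sample: the advisory states only that nodeIntegration is true.
const SAMPLE_PREFS = { nodeIntegration: true };

for (const f of auditWebPreferences(SAMPLE_PREFS)) {
  console.log(`RISK ${f.key}=${f.value}: ${f.why}`);
}
console.log('hardened:', JSON.stringify(hardenWebPreferences(SAMPLE_PREFS)));
```

An application that relies on Node.js APIs in the renderer will need that functionality moved behind a preload script before the hardened settings can be applied.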

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2020-16608

Affected Products

Notable