CVE-2023-5701

Name of the Vulnerable Software and Affected Versions vnotex vnote versions up to 3.17.0

Description A vulnerability has been found in the Markdown File Handler component, which can be exploited to lead to cross-site scripting. The manipulation with the input <xss onclick="alert(1)" style=display:block>Click here</xss> can be used to launch a remote attack. The exploit has been disclosed to the public.

Recommendations For versions up to 3.17.0, consider disabling the Markdown File Handler component until a patch is available. Restrict access to potentially vulnerable markdown files to minimize the risk of exploitation. Avoid using the onclick attribute in markdown files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.