CVE-2024-41662

Name of the Vulnerable Software and Affected Versions VNote versions 3.18.1 and prior

Description A Cross-Site Scripting (XSS) vulnerability has been identified in the Markdown rendering functionality of the VNote note-taking application. This issue allows the injection and execution of arbitrary JavaScript code, enabling remote code execution.

Recommendations For versions 3.18.1 and prior, update to a version that includes the patch available at commit f1af78573a0ef51d6ef6a0bc4080cddc8f30a545. As a temporary workaround, consider implementing rigorous input sanitization for all Markdown content. Restrict the use of potentially dangerous Markdown content by utilizing a secure Markdown parser that appropriately escapes or strips such content.