PT-2024-29585 · Note Mark · Note Mark
Alessio-Romano
+1
·
Published
2024-07-29
·
Updated
2026-04-13
·
CVE-2024-41819
CVSS v3.1
8.7
High
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Note Mark versions prior to 0.13.1
Description
A stored cross-site scripting issue allows attackers to execute arbitrary web scripts via a crafted payload injected into the URL value of a link in the markdown content.
Recommendations
For versions prior to 0.13.1, update to version 0.13.1 to resolve the issue.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Note Mark