PT-2026-57572 · Vnotex · Vnote
Sisubeny
·
Published
2026-07-12
·
Updated
2026-07-12
·
CVE-2026-15505
CVSS v3.1
3.5
Low
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N |
A weakness has been identified in vnotex vnote up to 3.20.1. Impacted is an unknown function of the file /src/data/extra/web/js/markdownit.js of the component YAML Frontmatter. This manipulation of the argument p metaData causes cross site scripting. The attack may be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Fix
Code Injection
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Vnote