Skip to content

hmartos/cve-2020-35717

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.gitignore
.gitignore
 
 
README.md
README.md
 
 
xss-rce.gif
xss-rce.gif
 
 
xss-rce.znt
xss-rce.znt
 
 

Repository files navigation

CVE-2020–35717

zonote allows XSS via crafted note, with resultant Remote Code Execution (because Node.js integration is enabled).

Steps to exploit the vulnerability

  • Download any zonote affected version
  • Open zonote app
  • Import xss-rce.znt in zonote via Menu > Open
  • Hover over the different links in imported notes

Disclosure Timeline

  • 2020-12-26 Issue discovered and contact with the owner
  • 2020-12-26 Owner express his intention of not maintaining the repository nor fixing the vulnerability
  • 2021-01-01 Public disclosure of the vulnerability

About

Showcase repository for CVE-2020-35717

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published