Stored Cross-Site Scripting (XSS) in NoteMark

by: Alessio Romano (sfoffo)
vendor: Enchanted Code

The vulnerability exists in NoteMark version 0.13.0 and below. By injecting a malicious payload into a note and rendering it using the 'Rendered' tab, an attacker can execute arbitrary JavaScript code in the context of the user's session.

CVSS: 6.1 HIGH
Type: Stored Cross-Site Scripting (XSS)
CWE: 79
Product Name: NoteMark
Platforms Tested: Linux
Affected Version: From: 0.13.0 To: 0.13.0 and below
2024