zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because nodeIntegration in webPreferences is true).
References
Link | Resource |
---|---|
https://github.com/hmartos/cve-2020-35717 | Exploit Third Party Advisory |
https://github.com/zonetti/zonote | Product Third Party Advisory |
https://medium.com/bugbountywriteup/remote-code-execution-through-cross-site-scripting-in-electron-f3b891ad637 | Exploit Third Party Advisory |
https://www.electronjs.org/apps/zonote | Product Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-01-01T09:15:21
Updated: 2021-01-06T17:57:43
Reserved: 2020-12-26T00:00:00
Link: CVE-2020-35717
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-01-01T10:15:12.600
Modified: 2021-01-07T17:10:36.957
Link: CVE-2020-35717
JSON object: View
Redhat Information
No data.
CWE