← back
CVE-2020-35717

CVE-2020-35717

EPSS 3.8%
zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because nodeIntegration in webPreferences is true).
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/hmartos/cve-2020-35717https://github.com/zonetti/zonotehttps://medium.com/bugbountywriteup/remote-code-execution-through-cross-site-scripting-in-electron-f3b891ad637https://www.electronjs.org/apps/zonote