CVE-2021-47963

Anote 1.0 Persistent Cross-Site Scripting Leading to Code Execution

CVSS 5.1 MEDIUMEPSS 0.5%CWE-79

Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. Attackers can craft malicious markdown files with embedded JavaScript that executes system commands when opened, enabling remote code execution on the victim's computer.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Productos afectados

AnotherNote · Anote

PoCs públicas encontradas — 1

cve_referencewww.exploit-db.com/exploits/49836no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/AnotherNote/anote https://www.exploit-db.com/exploits/49836 https://www.vulncheck.com/advisories/anote-persistent-cross-site-scripting-remote-code-execution