Lucene search

K

MitreCVELIST:CVE-2020-35717

HistoryJan 01, 2021 - 9:15 a.m.

CVE-2020-35717

2021-01-0109:15:21

mitre

www.cve.org

4

cve-2020-35717

zonote

xss

remote code execution

webpreferences

AI Score

8.9

Confidence

High

EPSS

0.018

Percentile

88.3%

zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because nodeIntegration in webPreferences is true).

References

github.com/hmartos/cve-2020-35717

github.com/zonetti/zonote

medium.com/bugbountywriteup/remote-code-execution-through-cross-site-scripting-in-electron-f3b891ad637

www.electronjs.org/apps/zonote

AI Score

8.9

Confidence

High

EPSS

0.018

Percentile

88.3%

Related for CVELIST:CVE-2020-35717

prion1 osv1 nvd1 githubexploit1 cve1