CVE-2020-35717
zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because nodeIntegration in webPreferences is true).
9CVSS
8.8AI Score
0.018EPSS