CNNVD-202509-161 Information
CNNVD ID
CNNVD-202509-161
Related CVE
- CNNVD Published: 2025-09-02
Description (Chinese)
many-notes是Bruno个人开发者的一个Markdown阅读器。 many-notes 0.10.1版本存在安全漏洞,该漏洞源于Markdown文件处理不当,可能导致跨站脚本攻击。
Description (English)
Many-notes is a Markdown reader for Bruno’s personal developer. There is a security loophole in version 0.10.1 of the many-notes, which stems from the mishandling of the Markdown document and could lead to a cross-site script attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2025-09-02
Last Modified
2026-02-24
References
https://medium.com/@cyberducky/how-i-found-a-stored-xss-in-markdown-rendering-e73cfc3cd93a https://github.com/brufdev/many-notes/releases/tag/v0.10.2 https://cyber-ducky.com/stored-xss-found-in-many-notes-the-best-note-taking-app/ https://nvd.nist.gov/vuln/detail/CVE-2025-55474 https://access.redhat.com/security/cve/cve-2025-55474
Patch
https://github.com/brufdev/many-notes/releases
Share on: