Primary

Context

Anote Persistent Cross-Site Scripting Vulnerability Leading to Remote Code Execution

Vulnerability

A persistent cross-site scripting vulnerability has been identified in Anote version 1.0. This vulnerability allows attackers to execute arbitrary code by injecting malicious JavaScript payloads into markdown files within the application. When these files are opened, the embedded scripts execute system commands, potentially leading to remote code execution on the user's computer.

Impact

Exploitation of this vulnerability allows for persistent cross-site scripting, with injected scripts executing in the context of the user.

Reproduction

To reproduce this vulnerability, create a markdown file and inject a JavaScript payload that executes a system command. Once the file is saved and opened in Anote, the injected script will execute, performing the specified command on the system.

Added: May 15, 2026, 7:45 PM

Updated: May 15, 2026, 7:45 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.6

remediation

0.0

relevance

8.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.6

remediation

0.0

relevance

8.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Anote Persistent Cross-Site Scripting Vulnerability Leading to Remote Code Execution

Vulnerability

Impact

Reproduction

Affected Products

AnotherNote Anote

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating