CVE-2023-5701

Summary

A vulnerability has been found in vnotex vnote up to 3.17.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Markdown File Handler. The manipulation with the input <xss onclick="alert(1)" style=display:block>Click here</xss> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243139. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
vnotexvnote3.0affected
vnotexvnote3.1affected
vnotexvnote3.2affected
vnotexvnote3.3affected
vnotexvnote3.4affected
vnotexvnote3.5affected
vnotexvnote3.6affected
vnotexvnote3.7affected
vnotexvnote3.8affected
vnotexvnote3.9affected
vnotexvnote3.10affected
vnotexvnote3.11affected
vnotexvnote3.12affected
vnotexvnote3.13affected
vnotexvnote3.14affected
vnotexvnote3.15affected
vnotexvnote3.16affected
vnotexvnote3.17affected

Weaknesses

  • CWE-79: CWE-79 Cross Site Scripting

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References