{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-13T13:38:01.299","vulnerabilities":[{"cve":{"id":"CVE-2024-41662","sourceIdentifier":"security-advisories@github.com","published":"2024-07-24T17:15:11.310","lastModified":"2024-11-21T09:32:55.687","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"VNote is a note-taking platform. A Cross-Site Scripting (XSS) vulnerability has been identified in the Markdown rendering functionality of versions 3.18.1 and prior of the VNote note-taking application. This vulnerability allows the injection and execution of arbitrary JavaScript code through which remote code execution can be achieved. A patch for this issue is available at commit f1af78573a0ef51d6ef6a0bc4080cddc8f30a545. Other mitigation strategies include implementing rigorous input sanitization for all Markdown content and utilizing a secure Markdown parser that appropriately escapes or strips potentially dangerous content."},{"lang":"es","value":"VNote es una plataforma para tomar notas. Se identificó una vulnerabilidad de Cross-Site Scripting (XSS) en la funcionalidad de renderizado Markdown de las versiones 3.18.1 y anteriores de la aplicación de toma de notas VNote. Esta vulnerabilidad permite la inyección y ejecución de código JavaScript arbitrario a través del cual se puede lograr la ejecución remota de código. Hay un parche para este problema disponible en la confirmación f1af78573a0ef51d6ef6a0bc4080cddc8f30a545. Otras estrategias de mitigación incluyen implementar una rigurosa sanitización de entradas para todo el contenido de Markdown y utilizar un analizador de Markdown seguro que escape o elimine adecuadamente el contenido potencialmente peligroso."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vnote_project:vnote:*:*:*:*:*:*:*:*","versionEndIncluding":"3.18.1","matchCriteriaId":"309A837E-4DFD-4C36-9746-7F02B3A5FBDE"}]}]}],"references":[{"url":"https://github.com/vnotex/vnote/commit/f1af78573a0ef51d6ef6a0bc4080cddc8f30a545","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vnotex/vnote/security/advisories/GHSA-w655-h68w-vxxc","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/vnotex/vnote/commit/f1af78573a0ef51d6ef6a0bc4080cddc8f30a545","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/vnotex/vnote/security/advisories/GHSA-w655-h68w-vxxc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}