CVE-2020-35717
CRITICALElectronjs Zonote < 0.4.0 - XSS
Title source: ruleDescription
zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because nodeIntegration in webPreferences is true).
Exploits (2)
nomisec
STUB
by Redfox-Security · poc
https://github.com/Redfox-Security/Hacking-Electron-Apps-CVE-2020-35717-
References (4)
Scores
CVSS v3
9.0
EPSS
0.0614
EPSS Percentile
90.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Details
CWE
CWE-79
Status
published
Products (1)
electronjs/zonote
< 0.4.0
Published
Jan 01, 2021
Tracked Since
Feb 18, 2026