CVE-2025-55474

MEDIUM

Many Notes 0.10.1 - Stored Cross-Site Scripting via Markdown Rendering

Title source: llm
STIX 2.1

Description

Many Notes 0.10.1 is vulnerable to Cross Site Scripting (XSS), which allows malicious Markdown files to execute JavaScript when viewed.

Scores

CVSS v3 6.1
EPSS 0.0034
EPSS Percentile 26.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
brufdev/many_notes 0.10.1
Published Sep 02, 2025
Tracked Since Feb 18, 2026