CVSS: 9.0 • EPSS: 1% • CPEs: 1 • EXPL: 3

zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because nodeIntegration in webPreferences is true).

• https://github.com/Redfox-Secuirty/Hacking-Electron-Apps-CVE-2020-35717-
• https://github.com/hmartos/cve-2020-35717
• https://github.com/zonetti/zonote
• https://medium.com/bugbountywriteup/remote-code-execution-through-cross-site-scripting-in-electron-f3b891ad637
• https://www.electronjs.org/apps/zonote

• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')