关联漏洞
Description
Markdown XSS leads to RCE in VNote version <=3.18.1
介绍
# CVE-2024-41662
Markdown XSS leads to RCE in VNote version <=3.18.1
**Severity :** **High** (**8.6**)
**CVSS score :** `CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H`
## Summary :
A **Cross-Site Scripting (XSS)** vulnerability was identified in the Markdown rendering functionality of the VNote note-taking application. This vulnerability allows the injection and execution of arbitrary JavaScript code, potentially leading to **Remote Code Execution (RCE)**.
## Steps to Reproduce :
1. Create a note in Vnote.
2. Enter the following JS payload in the app,
```html
<img src="" onerror="alert('XSS') alt="alt text">
```
3. Press **CTRL+T** to render the markdown content.
4. Observe the JavaScript payload executing an alert popup.
There is no whitelisting or output encoding performed for the given payload, resulting in an XSS vulnerability.
> NOTE: The application properly validates some JavaScript payloads by performing output encoding in the app. However, it fails to validate in certain cases.
5. Further an attacker can achieve **Remote Code execution** using the following payload.
```html
<iframe src="../../../../../../../../Windows/System32/cmd.exe" />
```
## Affected Version Details :
- <=3.18.1
## Impact :
This vulnerability can be exploited by an attacker to gain unauthorized access to the system, execute arbitrary commands, and potentially take control of the affected machine. This could lead to system compromise and other severe security incidents.
## Mitigation :
- Implement rigorous input sanitization for all Markdown content.
- Utilize a secure Markdown parser that appropriately escapes or strips potentially dangerous content.
## References :
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41662
文件快照
[4.0K] /data/pocs/03fd01776eb0bfe2e34252c8117a8777541e3b2a
└── [2.1K] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。