22.6k+ GitHub Stars Note-Taking App Hit by XSS Vulnerability | allinfosecnews.com

Sept. 18, 2023, 5:13 a.m. | Chirag Agrawal

InfoSec Write-ups - Medium infosecwriteups.com

22.6k+ GitHub Stars Note-Taking App Hit by XSS Vulnerability

CVE-2023–3067: Stored Cross Site Scripting Vulnerability on renowned note-taking thick client app Trillium

Trilium Notes is a Hierarchical Note-Taking App for Knowledge Bases

Introduction

Every digital creation has flaws, and in this blog, we’ll look at a recent discovery that shook the foundation of this popular open-source hierarchical note-taking application. While testing the thick client application, I discovered stored cross-site scripting vulnerabilities in the Title section, which appeared in …

bug bounty cybersecurity open source security xss-attack

More from infosecwriteups.com / InfoSec Write-ups - Medium

A List of No-Brainers for Windows Server Security 1 day, 4 hours ago | infosecwriteups.com

assets business cyber cyber security +18

Mastering BTL1: Journey, Tips, and Insights for Cyber Defenders 2 days, 5 hours ago | infosecwriteups.com

blue team cybersecurity cybersecurity-certificate cybersecurity training +1

eJPT v2 Review: Decoding the eLearn Security’s Junior Penetration Tester Certification 2 days, 5 hours ago | infosecwriteups.com

blue certification cybersecurity cybersecurity training +18

10 Beginner-Friendly Cybersecurity Projects to Kickstart Your Journey 2 days, 5 hours ago | infosecwriteups.com

age beginner critical cryptocurrency +17

Unmasking Directory Traversal: Navigating Vulnerabilities in Web Applications (Techniques +… 2 days, 5 hours ago | infosecwriteups.com

application security bug bounty bug-bounty-tips owasp +1

Injecting Danger: Understanding Server-Side Template Exploits 2 days, 5 hours ago | infosecwriteups.com

ctf htb owasp security +1

The Evolution of Cybersecurity: From Enigma to Quantum Cryptography 2 days, 5 hours ago | infosecwriteups.com

article breaches computing counter +18

Revolutionizing Bug Bounty Hunting: Unleashing the AI Advantage with Chat GPT 2 days, 5 hours ago | infosecwriteups.com

artificial intelligence bounty bug bug bounty +23

Exploit Analysis: Request-Baskets v1.2.1 Server-side Request Forgery (SSRF) 2 days, 5 hours ago | infosecwriteups.com

analysis bug bounty continue cybersecurity +15

Business Information Security Officer

@ Metrolink | Los Angeles, CA

View on infosec-jobs.com

Senior Security Engineer

@ Freedom of the Press Foundation | Remote, 4 hour time zone overlap with New York City

View on infosec-jobs.com

Security Engineer

@ ChartMogul | Remote, EU

View on infosec-jobs.com

Malware Reverse Engineer

@ Two Six Technologies | Fort Meade, Maryland

View on infosec-jobs.com

SOC Analyst Level 3

@ OpenBet | Bengaluru, India

View on infosec-jobs.com

Course Developer, Network Security

@ Palo Alto Networks | Plano, TX, United States

View on infosec-jobs.com