all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

22.6k+ GitHub Stars Note-Taking App Hit by XSS Vulnerability

Add to bookmarks
Sept. 18, 2023, 5:13 a.m. | Chirag Agrawal

InfoSec Write-ups - Medium infosecwriteups.com

22.6k+ GitHub Stars Note-Taking App Hit by XSS Vulnerability

CVE-2023–3067: Stored Cross Site Scripting Vulnerability on renowned note-taking thick client app Trillium

Trilium Notes is a Hierarchical Note-Taking App for Knowledge Bases

Introduction

Every digital creation has flaws, and in this blog, we’ll look at a recent discovery that shook the foundation of this popular open-source hierarchical note-taking application. While testing the thick client application, I discovered stored cross-site scripting vulnerabilities in the Title section, which appeared in …

bug bounty cybersecurity open source security xss-attack

Visit resource

More from infosecwriteups.com / InfoSec Write-ups - Medium

Private Interact.sh server setup with a web dashboard 2 days, 7 hours ago | infosecwriteups.com
bug bounty cybersecurity hacking tools +1
Understanding 403 Bypass: A Critical Vulnerability in Web Application Security 3 days, 7 hours ago | infosecwriteups.com
403 bypass access application applications +28
Hack Stories: Hacking Hackers EP:3 4 days, 7 hours ago | infosecwriteups.com
big bug bounty cybersecurity hack +9
Mastering Shodan Search Engine 5 days, 8 hours ago | infosecwriteups.com
bug bounty bug-bounty-tips cybersecurity information security +1
Email Verification Bypass via Remember Me 5 days, 8 hours ago | infosecwriteups.com
bug bounty cybersecurity hacking pentesting +1
Exploiting Symlinks: A Deep Dive into CVE-2024–28185 and CVE-2024–28189 of Judge0 Sandboxes 5 days, 8 hours ago | infosecwriteups.com
attacks code code execution continue +15
Typo Trouble: Exploring the Telegram Python RCE Vulnerability 5 days, 8 hours ago | infosecwriteups.com
address alerts application concept +25
Active DNS Recon using AXIOM 5 days, 8 hours ago | infosecwriteups.com
bug bounty bug-bounty-tips cybersecurity infosec +1
Information Disclosure: Story of 500€ + 400$ Bounty 5 days, 8 hours ago | infosecwriteups.com
bug bounty cybersecurity hacking information technology +1

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Network Security Engineer

@ Meta | Menlo Park, CA | Remote, US
View on infosec-jobs.com

Security Engineer, Investigations - i3

@ Meta | Washington, DC
View on infosec-jobs.com

Threat Investigator- Security Analyst

@ Meta | Menlo Park, CA | Seattle, WA | Washington, DC
View on infosec-jobs.com

Security Operations Engineer II

@ Microsoft | Redmond, Washington, United States
View on infosec-jobs.com

Engineering -- Tech Risk -- Global Cyber Defense & Intelligence -- Bug Bounty -- Associate -- Dallas

@ Goldman Sachs | Dallas, Texas, United States
View on infosec-jobs.com
View more jobs