Sept. 18, 2023, 5:13 a.m. | Chirag Agrawal

InfoSec Write-ups - Medium

22.6k+ GitHub Stars Note-Taking App Hit by XSS Vulnerability

CVE-2023-3067: Stored Cross-Site Scripting vulnerability in the renowned note-taking thick-client app Trilium

Trilium Notes is a Hierarchical Note-Taking App for Knowledge Bases


Every digital creation has flaws, and in this blog, we’ll look at a recent discovery that shook the foundation of this popular open-source hierarchical note-taking application. While testing the thick client application, I discovered stored cross-site scripting vulnerabilities in the Title section, which appeared in …

bug bounty cybersecurity open source security xss-attack
