Showcase repository for CVE-2020-35717
CVE-2020–35717 zonote allows XSS via crafted note, with resultant Remote Code Execution (because Nodejs integration is enabled) Steps to exploit the vulnerability Download any zonote affected version Open zonote app Import xss-rceznt in zonote via Menu > Open Hover over the different links in imported notes