HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows malicious users to run arbitrary HTML code via creation of crafted note.