CVE-2021-47963

HIGH 7.2

Anote 1.0 Persistent Cross-Site Scripting Remote Code Execution

CVSS Score

7.2

EPSS Score

0.0%

EPSS Percentile

0th

Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. Attackers can craft malicious markdown files with embedded JavaScript that executes system commands when opened, enabling remote code execution on the victim's computer.

CWE	CWE-79
Vendor	anothernote
Product	anote
Published	May 15, 2026

Stay Ahead of the Next One

Get instant alerts for anothernote anote

Be the first to know when new high vulnerabilities affecting anothernote anote are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

None

Affected Versions

AnotherNote / Anote

1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/49836 github.com: https://github.com/AnotherNote/anote vulncheck.com: https://www.vulncheck.com/advisories/anote-persistent-cross-site-scripting-remote-code-execution

Credits

TaurusOmar