victorootnice.github.io

  1. This issue currently affects all known versions and bypasses the XSS defense measures even under the highest security mode (`"protect_from_xss":true`).
  2. Create a new Markdown note in VNote.

  3. Write an XSS payload into the Markdown file: `<xss onclick="alert(1)" style=display:block>Click here</xss>`

  4. Click the 'Click here' text to trigger the XSS. According to the project author's description, setting `"protect_from_xss":true` in the configuration file enables the highest level of XSS defense. Even so, the XSS executes successfully.
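
A defensive check for the payload shape in step 3, added here as an example (it is not VNote's code and says nothing about how `protect_from_xss` is implemented): it parses a note's inline HTML and reports any element outside an allowlist and any `on*` event-handler attribute. The allowlist `ALLOWED_TAGS`, the names `NoteHtmlAuditor` and `audit_note`, and the sample note are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Assumed allowlist of elements a note renderer might permit (illustrative only).
ALLOWED_TAGS = {"a", "b", "blockquote", "br", "code", "div", "em", "i", "img",
                "li", "ol", "p", "pre", "span", "strong", "ul"}


class NoteHtmlAuditor(HTMLParser):
    """Collects (line, tag, reason) for risky inline HTML in a Markdown note."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <XSS ONCLICK=...>
        # is reported the same way as <xss onclick=...>.
        line, _ = self.getpos()
        if tag not in ALLOWED_TAGS:
            # Browsers render unknown elements such as <xss> as generic
            # elements that still honour event-handler attributes.
            self.findings.append((line, tag, "unknown-element"))
        for name, _value in attrs:
            if name.startswith("on"):
                self.findings.append((line, tag, "event-handler:" + name))


def audit_note(markdown_text):
    """Return findings for one note. Limitation: HTML shown inside fenced
    code blocks is also reported, so review hits before acting on them."""
    auditor = NoteHtmlAuditor()
    auditor.feed(markdown_text)
    auditor.close()
    return auditor.findings


# Constructed sample note; line 3 carries the payload from step 3.
SAMPLE_NOTE = (
    "# Meeting notes\n"
    "\n"
    '<xss onclick="alert(1)" style=display:block>Click here</xss>\n'
    "\n"
    "<b>harmless bold text</b>\n"
)

if __name__ == "__main__":
    for line, tag, reason in audit_note(SAMPLE_NOTE):
        print(f"line {line}: <{tag}> {reason}")
```

Checking the element name against an allowlist and the attributes independently of the tag is what catches this payload, because a filter keyed on known dangerous tag names never sees `<xss>`.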