Vulnerabilities > Electronjs > Low

DATE CVE VULNERABILITY TITLE RISK
2021-01-01 CVE-2020-35717 Cross-site Scripting vulnerability in Electronjs Zonote
zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because nodeIntegration in webPreferences is true).
network
electronjs CWE-79
3.5
3.5
2020-07-07 CVE-2020-4075 Files or Directories Accessible to External Parties vulnerability in Electronjs Electron 7.0.0/8.0.0/9.0.0
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open.
local
low complexity
electronjs CWE-552
2.1
2.1
2020-07-07 CVE-2020-4076 Unspecified vulnerability in Electronjs Electron 7.0.0/8.0.0/9.0.0
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass.
local
low complexity
electronjs
3.6
3.6