From XSS to RCE in Simplenote 1.1.3


In Simplenote 1.1.3 – Desktop app there is a stored XSS vulnerability that can be used to execute arbitrary code. If there is malicious code in the note and the user tries to print it (for example to save it as a PDF), the malicious code runs.

#358049 – RCE via Print function [Simplenote 1.1.3 – Desktop app]

27/05/2018 – I send the report
25/06/2018 – The vulnerability is fixed and the bug bounty reward is 250$
26/07/2018 – Public disclosure

I suggest these awesome readings about XSS and Remote Code Execution in the Electron based applications: