Stored XSS in notes Title in zadam/trilium
Reported on
Dec 25th 2022
Description
A stored XSS vulnerability was found when a user creates a new note and enters its name. The note title is rendered directly in the "Note Map" functionality, which leads to HTML injection and cross-site scripting, stored and reflected every time the user opens the Note Map.
Proof of Concept
1. Download the latest version for any platform; for PoC purposes I downloaded version 0.57.5 for Windows [link](https://github.com/zadam/trilium/releases/download/v0.58.0-beta/trilium-windows-x64-0.58.0-beta.zip)
2. Run the trilium.exe binary application.
3. Create a new note.
4. Name the new note "><img src="x" onerror=alert(1337) />
5. Open the "Note Map" functionality and click on the red dot, or just wait for the alert to be prompted; the XSS fires as it is stored at that point.
6. The alert box will now pop up every time, as the payload is stored.
Impact
This can lead to lateral privilege escalation and allow an attacker to get access to the application's JavaScript and manipulate the JavaScript of the server, which will lead to loss of users' trust and authenticity.
Video Proof of Concept & Screenshots for References:
https://drive.google.com/drive/folders/1Wt_BhUngMjFo3L2_7RhA4gFnYyJTHd5Z?usp=sharing
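The root cause is a note title spliced into the Note Map's markup as if it were HTML rather than text. The following is an added example, not Trilium's own code: a hypothetical label builder in its vulnerable and hardened forms, checked against the title from step 4 of the PoC.

```javascript
// Added example (not Trilium's code). renderLabelUnsafe/renderLabelSafe are
// hypothetical stand-ins for whatever builds a node label in the Note Map.

// Escape the five characters that carry meaning in HTML text and attribute context.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the raw title is concatenated into markup, so a title that
// starts with "> closes the attribute and opens its own element.
function renderLabelUnsafe(title) {
  return `<div class="note-map-label" title="${title}">${title}</div>`;
}

// Hardened pattern: the title is data, so it is escaped in every position it is
// inserted. In a browser the equivalent is assigning el.textContent instead of
// el.innerHTML (or building the label with document.createTextNode).
function renderLabelSafe(title) {
  const safe = escapeHtml(title);
  return `<div class="note-map-label" title="${safe}">${safe}</div>`;
}

// Detection helper for a regression test: true when the rendered markup contains
// any element other than the wrapper div, i.e. user data opened a new tag.
function containsInjectedTag(html) {
  return /<(?!\/?div\b)[a-zA-Z]/.test(html);
}

// Constructed input: the exact title used in step 4 of the report.
const PAYLOAD_TITLE = '"><img src="x" onerror=alert(1337) />';

console.log(containsInjectedTag(renderLabelUnsafe(PAYLOAD_TITLE))); // true
console.log(containsInjectedTag(renderLabelSafe(PAYLOAD_TITLE)));   // false
```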
References
Thank you so much Zadam for fixing this vulnerability!
Happy to secure :)
Hey @zadam,
could you please request a CVE for this!
The maintainer is in control of CVE assignment, they have the option after fixing & publishing. Please refrain from tagging admins for this request, thanks.
Thank you @zadam for assigning a CVE for this issue. I will make a blog & publish how this exploit worked soon for the community!