Anote 1.0 RCE via Persistent XSS (CVE-2021-47963)

The National Vulnerability Database reports a high-severity persistent cross-site scripting (XSS) vulnerability, CVE-2021-47963, in Anote 1.0. This flaw allows attackers to achieve remote code execution (RCE) by injecting malicious payloads into markdown files. The CVSSv3.1 score is 7.2 (HIGH).

Attackers can craft specific markdown files containing embedded JavaScript. When a victim opens these malicious files within Anote 1.0, the JavaScript executes system commands, effectively compromising the victim’s machine. This is a direct path from a seemingly innocuous file to full system compromise.

This vulnerability, categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation), highlights the critical risk of insufficient input sanitization in applications that process user-supplied content. For defenders, this means any application allowing markdown or rich text input needs rigorous validation.

What This Means For You

  • If your organization uses Anote 1.0, you are directly exposed to remote code execution. Attackers only need to trick a user into opening a malicious markdown file. Immediately assess your usage of Anote 1.0 and prioritize a security review or discontinuation until a patch is available. Assume compromise if you've been using this application to open untrusted markdown.

🛡️ Detection Rules

high T1190 Initial Access

CVE-2021-47963 - Anote Persistent XSS Markdown Injection

title: CVE-2021-47963 - Anote Persistent XSS Markdown Injection
id: scw-2026-05-15-ai-1
status: experimental
level: high
description: |
  Detects the creation or modification of markdown files (.md) containing known or suspected persistent XSS payloads. This targets CVE-2021-47963, where attackers inject malicious JavaScript into markdown files to achieve RCE when the file is rendered by Anote 1.0.
author: SCW Feed Engine (AI-generated)
date: 2026-05-15
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2021-47963/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: file_event
detection:
  selection:
    TargetFilename|endswith:
      - '.md'
  # Placeholder for a malicious JavaScript pattern within markdown.
  # Real-world detection would require analyzing actual exploit payloads.
  # The patterns below are hypothetical, for demonstration only.
  # TargetFilename holds the file path, not the file contents, so this
  # selection only matches when a pattern appears in the path itself.
  selection_payload:
    TargetFilename|contains:
      - "<script>alert('XSS')</script>"
      - '<img src=x onerror=alert(1)>'
  # The condition belongs at the detection level and uses lowercase operators.
  condition: selection and selection_payload
falsepositives:
  - Legitimate administrative activity
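
The rule's own comments say real detection needs payload analysis, and file events record a path rather than file contents. As an added example (not part of the original page or of Anote), the Python scanner below inspects markdown text for raw HTML that can run script outside fenced code blocks. The function names, the tag and attribute lists, and the sample note are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed lists for illustration; extend them for the renderer you are protecting.
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src", "action", "formaction"}
FENCE = re.compile(r"^ {0,3}(`{3}|~{3})")
MD_JS_LINK = re.compile(r"\]\(\s*javascript:", re.I)

def strip_fenced_code(md):
    """Blank out fenced code blocks (shown as text), keeping line numbers."""
    out, fence = [], None
    for line in md.splitlines():
        m = FENCE.match(line)
        marker = m.group(1) if m else None
        out.append(line if fence is None and not m else "")
        if marker and fence in (None, marker):   # a fence closes only on its own marker
            fence = None if fence else marker
    return "\n".join(out)

class ActiveHtmlFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []
    def handle_starttag(self, tag, attrs):       # names arrive lowercased
        line = self.getpos()[0]
        if tag in ACTIVE_TAGS:
            self.findings.append((line, f"<{tag}> element"))
        for name, value in attrs:
            compact = re.sub(r"\s", "", value or "").lower()
            if name.startswith("on"):            # onerror, onload, ... (over-inclusive)
                self.findings.append((line, f"{name} handler on <{tag}>"))
            elif name in URL_ATTRS and compact.startswith("javascript:"):
                self.findings.append((line, f"javascript: URL in {name} on <{tag}>"))

def scan_markdown(md):
    """Return sorted (line, reason) findings for active content in markdown."""
    body = strip_fenced_code(md)
    finder = ActiveHtmlFinder()
    finder.feed(body)
    finder.close()
    for n, line in enumerate(body.splitlines(), 1):
        if MD_JS_LINK.search(line):
            finder.findings.append((n, "javascript: URL in markdown link"))
    return sorted(finder.findings)

# Constructed sample note (not a captured exploit file).
SAMPLE = "# Notes\n~~~html\n<script>alert('XSS')</script>\n~~~\n<img src=x onerror=alert(1)>\n[agenda](javascript:alert(1))\n"
```

Inline code spans are not stripped, so a payload quoted in single backticks is still reported. Treat findings as a prompt for review rather than a verdict.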

Source: Shimi's Cyber World

Indicators of Compromise

ID              Type            Indicator
CVE-2021-47963  XSS             Anote 1.0
CVE-2021-47963  RCE             Anote 1.0
CVE-2021-47963  Code Injection  Injecting malicious payloads into markdown files

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 15, 2026 at 22:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
