zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because nodeIntegration in webPreferences is true).Referenceshttps://www.electronjs.org/apps/zonotehttps://github.com/zonetti/zonotehttps://github.com/hmartos/cve-2020-35717https://medium.com/bugbountywriteup/remote-code-execution-through-cross-site-scripting-in-electron-f3b891ad637
