Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field.Referenceshttps://github.com/notable/notable/issues/1595
