CVE-2023-27035
Description
An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page.
NVD
Severity: HIGH
CVE ID: CVE-2023-27035
CVSS Score: 7.5
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
MITRE
Severity: MEDIUM
CVE ID: CVE-2023-27035
CVSS Score: 6.5
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Proof Of Concept
fivex3
Refrence: GitHub