Medium severity5.4NVD Advisory· Published May 20, 2022· Updated Jun 17, 2026
CVE-2022-25224
CVE-2022-25224
Description
Proton v0.2.0 allows an attacker to create a malicious link inside a markdown file. When the victim clicks the link, the application opens the site in the current frame allowing an attacker to host JavaScript code in the malicious link in order to trigger an XSS attack. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Proton/Protondescription
Patches
Vulnerability mechanics
References
1- fluidattacks.com/advisories/lennon/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.