Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 42 QOwnNotes Critical CVE-2025-1461 XSS Security Patch Released

fedora
Calendar Grey January 31, 2026
Dist Fedora Esm H88
QOwnNotes update for Fedora 42 addresses critical issues including cross-site scripting vulnerabilities. Essential upgrade steps included.
See commit history

Summary

QOwnNotes is the open source notepad with Markdown support and todo list manager

for GNU/Linux, macOS and Windows, that works together with Nextcloud Notes and

ownCloud Notes.

You are able to write down your thoughts with QOwnNotes and edit or search for

them later from your mobile device, like with Nextcloud Notes for Android or the

Nextcloud / ownCloud web-service.

The notes are stored as plain text markdown files and are synced with

Nextcloud's/ownCloud's file sync functionality. Of course other software, like

Syncthing or Dropbox can be used too.

If you like the concept of having notes accessible in plain text files, like it

is done in the Nextcloud / ownCloud notes apps to gain a maximum of freedom then

QOwnNotes is for you.

Update Information:

See commit history

Topics%20covered

Topics Covered

security advisory fedora cross site scripting vulnerability important qownnotes

Change Log

* Sat Jan 17 2026 Artem Polishchuk - 26.1.7-4 - Build with system Botan-2 * Sat Jan 17 2026 Fedora Release Engineering - 26.1.7-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Jan 16 2026 Artem Polishchuk - 26.1.7-2 - Mask BR: botan-3 temporary * Thu Jan 15 2026 Artem Polishchuk - 26.1.7-1 - 26.1.7 - Bundle Botan 2 for now * Fri Jul 25 2025 Fedora Release Engineering - 25.5.10-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

References


[ 1 ] Bug #2369171 - CVE-2025-1461 qownnotes: Vuetify XSS through 'eventMoreText' prop of VCalendar [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2369171 [ 2 ] Bug #2421918 - CVE-2025-8083 qownnotes: Vuetify Prototype Pollution via Preset options [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2421918 [ 3 ] Bug #2423086 - CVE-2025-8082 qownnotes: Vuetify: Cross-Site Scripting (XSS) vulnerability in VDatePicker component [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2423086

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-4ea96a154e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: qownnotes
Product: Fedora 42
Version: 26.1.7
Release: 4.fc42
URL: https://www.qownnotes.org
Summary: Plain-text file notepad and todo-list manager with Markdown support

Topics%20covered

Topics Covered

security advisory fedora cross site scripting vulnerability important qownnotes

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here