1. Critical Stored XSS in Shared Notes via Unsecured rehype-raw Markdown Rendering
A critical stored cross-site scripting (XSS) vulnerability has been identified in the note-sharing feature, stemming from the unsafe rendering of raw HTML embedded in markdown. The `Preview` component applies the `rehype-raw` plugin, which re-parses any raw HTML in a note into real DOM elements, but never passes the result through `rehype-sanitize`, so attacker-supplied markup (script tags, `on*` event-handler attributes, `javascript:` URLs) in a shared note reaches the viewer's browser unchanged, allowing malicious HTML to be...