zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because node Integration in webPreferences is true). Electron Applications Electron is