+ Capturing the flag ID through a ReDoS attack in the /search endpoint + XSS in /uuid/noteid/raw and HTML injection in /uuid/noteid + CSP frame-src bypass through a server-side redirect
Original writeup (https://blog.bi0s.in/2024/02/26/Web/VarietyNotes-bi0sCTF2024/).