CVE-2021-4263
- EPSS 0.25%
- Published 21.12.2022 19:15:12
- Last modified 21.11.2024 06:37:15
A vulnerability, which was classified as problematic, has been found in leanote 2.6.1. This issue affects the function define of the file public/js/plugins/history.js. The manipulation of the argument content leads to cross site scripting. The attack...
CVE-2021-43721
- EPSS 0.43%
- Published 28.03.2022 14:15:07
- Last modified 21.11.2024 06:29:40
Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload: <video src=x onerror=(function(){require('child_process').exec('calc');})();>
CVE-2020-26157
- EPSS 1.28%
- Published 30.09.2020 18:15:27
- Last modified 21.11.2024 05:19:23
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. This leads to remote code execution because of Node integration.
CVE-2020-26158
- EPSS 1.28%
- Published 30.09.2020 18:15:27
- Last modified 21.11.2024 05:19:24
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node integration.
CVE-2019-1010003
- EPSS 0.21%
- Published 11.07.2019 13:15:10
- Last modified 21.11.2024 04:17:54
Leanote prior to version 2.6 is affected by: Cross Site Scripting (XSS).
CVE-2018-18553
- EPSS 0.24%
- Published 22.10.2018 01:29:00
- Last modified 21.11.2024 03:56:08
Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the "likes" page.
CVE-2017-1000459
- EPSS 0.24%
- Published 03.01.2018 00:29:00
- Last modified 21.11.2024 03:04:46
Leanote version <= 2.5 is vulnerable to XSS due to unsanitized input in markdown notes.