Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node integration.
References
Link | Resource |
---|---|
https://github.com/leanote/desktop-app/issues/353 | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2020-09-30 18:15
Updated : 2024-02-04 21:23
NVD link : CVE-2020-26158
Mitre link : CVE-2020-26158
CVE.ORG link : CVE-2020-26158
JSON object : View
Products Affected
leanote
- leanote
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')