Leanote Security Vulnerabilities

CVE-2024-0849

Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to...

CVE-2021-4263

A vulnerability, which was classified as problematic, has been found in leanote 2.6.1. This issue affects the function define of the file public/js/plugins/history.js. The manipulation of the argument content leads to cross site scripting. The attack may be initiated remotely. The identifier of...

CVE-2021-43721

Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload...

CVE-2020-26157

Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. This leads to remote code execution because of Node...

CVE-2020-26158

Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node...

CVE-2019-1010003

Leanote prior to version 2.6 is affected by: Cross Site Scripting...

CVE-2018-18553

Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the "likes"...

CVE-2017-1000459

Leanote version <= 2.5 is vulnerable to XSS due to not sanitized input in markdown...