Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to...
CVSS 5.5 | AI Score 7.2 | EPSS 0.0004
A vulnerability, which was classified as problematic, has been found in leanote 2.6.1. This issue affects the function define of the file public/js/plugins/history.js. The manipulation of the argument content leads to cross site scripting. The attack may be initiated remotely. The identifier of...
CVSS 6.1 | AI Score 6 | EPSS 0.001
Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload...
CVSS 6.1 | AI Score 6.5 | EPSS 0.001
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. This leads to remote code execution because of Node...
CVSS 9.6 | AI Score 7.5 | EPSS 0.004
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node...
CVSS 9.6 | AI Score 7.5 | EPSS 0.004
CVSS 6.1 | AI Score 6.1 | EPSS 0.001
Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the "likes"...
CVSS 6.1 | AI Score 6.2 | EPSS 0.001
Leanote version <= 2.5 is vulnerable to XSS due to unsanitized input in markdown...
CVSS 6.1 | AI Score 6.4 | EPSS 0.001