74 matches found
CVE-2018-18553
Leanote 2.6.1 is affected by a cross-site scripting (XSS) vulnerability in the Blog Basic Setting title field, exploitable via rendering of the Likes page. The issue stems from mishandling the title field during page rendering, allowing injected scripts/HTML to execute in affected contexts. Pub...
CVE-2018-18553
Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the "likes" page...
Design/Logic Flaw
Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration...
CVE-2017-1000492
Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration...
CVE-2017-1000492
Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration...
CVE-2017-1000492
Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration...
CVE-2017-1000492
CVE-2017-1000492 affects Leanote-desktop v2.5. The vulnerability is a cross-site scripting (XSS) flaw caused by enabled Node integration, which can lead to code execution. Multiple sources (NVD and Red Hat, OSV, CNVD, etc.) corroborate the issue. CVSS details: CVSS2 base 4.3 (I:P) and CVSS3 base ...
CVE-2017-1000459
Leanote version = 2.5 is vulnerable to XSS due to not sanitized input in markdown notes...
Design/Logic Flaw
Leanote version = 2.5 is vulnerable to XSS due to not sanitized input in markdown notes...
CVE-2017-1000459
Leanote version = 2.5 is vulnerable to XSS due to not sanitized input in markdown notes...
CVE-2017-1000459
Leanote version = 2.5 is vulnerable to XSS due to not sanitized input in markdown notes...
CVE-2017-1000459
Leanote
Leanote Cross-Site Scripting Vulnerability
Leanote is an open source notepad application. A cross-site scripting vulnerability exists in Leanote 2.5 and earlier versions, which stems from the program failing to filter input in markdown comments. A remote attacker can use this vulnerability to inject arbitrary web script or HTML...
Leanote-desktop Cross-Site Scripting Vulnerability
Leanote-desktop is an open source notepad application. A cross-site scripting vulnerability exists in Leanote-desktop v2.5. A remote attacker can exploit this vulnerability to execute code...