150 matches found
CVE-2020-26157
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. This leads to remote code execution because of Node integration...
CVE-2020-26157
CVE-2020-26157 affects Leanote Desktop up to version 2.6.2. The root cause is a mishandled note title during syncing that enables cross-site scripting (XSS). This vulnerability is described as leading to remote code execution due to Node integration. The available documents do not specify a concr...
CVE-2020-26158
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node integration...
CVE-2020-26158
Leanote Desktop (up to and including 2.6.2) exposes a vulnerability where triggering the batch feature mishandles a note title, enabling a cross-site scripting (XSS) vector that can lead to remote code execution via Node integration. Root cause: improper handling of the note title within the batc...
Joplin 1.0.245 - Arbitrary Code Execution (PoC)
Exploit Title: Joplin 1.0.245 - Arbitrary Code Execution PoC Date: 2020-09-21 Exploit Author: Ademar Nowasky Junior @nowaskyjr Vendor Homepage: https://joplinapp.org/ Software Link: https://github.com/laurent22/joplin/releases/download/v1.0.245/Joplin-Setup-1.0.245.exe Version: 1.0.190 to 1.0.245...
Code injection
European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate Validation because a certain ExplicitKeyTrustEvaluator return value is not checked. NOTE: only 2.1 is confirmed to be affected...
Code injection
European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because an attacker can sign a manipulated SAML response with a forged certificate...
Electron WebPreferences - Remote Code Execution
Electron WebPreferences - Remote Code Execution CVE-2018-15685 - Electron WebPreferences Remote Code Execution This is a minimal Electron application with a POC for CVE-2018-15685. A remote code execution vulnerability has been discovered affecting apps with the ability to open nested child windo...
CVE-2018-1000543
Akiee version 0.0.3 contains an XSS vulnerability leading to code execution due to the use of node integration: the "Details" of a task is not validated, which can result in XSS leading to arbitrary code execution. This attack appears to be exploitable via the attacker tricking the victim into opening a...
Cross site scripting
Akiee version 0.0.3 contains an XSS vulnerability leading to code execution due to the use of node integration: the "Details" of a task is not validated, which can result in XSS leading to arbitrary code execution. This attack appears to be exploitable via the attacker tricking the victim into opening a...
CVE-2018-1000543
CVE-2018-1000543 affects Akiee version 0.0.3. The vulnerability is a cross-site scripting flaw in the Details of a task, caused by an unvalidated node integration context that can lead to arbitrary code execution. Multiple sources (CNVD-2018-12808, NVD entry) describe exploitation via a crafted m...
Simple bug could lead to RCE flaw on apps built with Electron Framework
A critical remote code execution vulnerability has been discovered in the popular Electron web application framework that could allow attackers to execute malicious code on victims' computers. Electron is an open source app development framework that powers thousands of widely-used desktop...
GHSA-8XWG-WV7V-4VQP Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration
A vulnerability has been discovered which allows Node.js integration to be re-enabled in some Electron applications that disable it. For the application to be impacted by this vulnerability it must meet all of these conditions - Runs on Electron 1.7, 1.8, or a 2.0.0-beta - Allows execution of...
CVE-2018-1000136
Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code execution. This attack appears to be exploitable via an app which allows execution of 3rd party code AND disallows node...
CVE-2018-1000136
CVE-2018-1000136 concerns the Electron framework where Webviews mishandle values, enabling potential remote code execution. Affected are Electron versions: 1.7.x up to 1.7.12, 1.8.x up to 1.8.3, and 2.0.0 up to 2.0.0-beta.3. The issue appears when an application allows execution of third‑party co...
Cross-site Scripting (XSS)
shiba is vulnerable to cross-site scripting (XSS) attacks. These attacks are possible due to the enabled node integration...
CVE-2017-1000492
Leanote-desktop version v2.5 is vulnerable to an XSS which leads to code execution due to enabled node integration...
Design/Logic Flaw
Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration...