CVE-2019-12592
CVE-2019-12592 affects the Evernote Web Clipper Chrome extension (pre-7.11.1). The vulnerability arises from a mis-handled URL construction in the extension’s iframe/injection framework, allowing a remote site to inject scripts via postMessage and inject a payload into all frames, effectively cau...