Vulnerability Details CVE-2019-12592
A universal Cross-site scripting (UXSS) vulnerability in the Evernote Web Clipper extension before 7.11.1 for Chrome allows remote attackers to run arbitrary web script or HTML in the context of any loaded 3rd-party IFrame.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.7%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://www.cyberscoop.com/evernote-patches-flaw-google-chrome-extension/
- https://www.techrepublic.com/article/evernote-chrome-extension-vulnerability-allowed-attackers-to-steal-4-7m-users-data/
- https://www.cyberscoop.com/evernote-patches-flaw-google-chrome-extension/
- https://www.techrepublic.com/article/evernote-chrome-extension-vulnerability-allowed-attackers-to-steal-4-7m-users-data/
Products affected by CVE-2019-12592
-
cpe:2.3:a:evernote:web_clipper:*