Leanote: >> Leanote >> 2.0 Security Vulnerabilities
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. This leads to remote code execution because of Node integration.
CVSS Score
9.6
EPSS Score
0.013
Published
2020-09-30
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node integration.
CVSS Score
9.6
EPSS Score
0.013
Published
2020-09-30
Leanote prior to version 2.6 is affected by: Cross Site Scripting (XSS).
CVSS Score
6.1
EPSS Score
0.002
Published
2019-07-11
Leanote version <= 2.5 is vulnerable to XSS due to not sanitized input in markdown notes
CVSS Score
6.1
EPSS Score
0.002
Published
2018-01-03