Unrated severityNVD Advisory· Published May 13, 2019· Updated Aug 5, 2024
CVE-2018-18524
CVE-2018-18524
Description
Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can use this XSS issue to inject Node.js code under Present mode. After a victim opens an affected note under Present mode, the attacker can read the victim's files and achieve remote execution command on the victim's computer.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Evernote/Evernotedescription
Patches
Vulnerability mechanics
References
2- evernote.com/intl/en/security/updatesmitrex_refsource_MISC
- paper.seebug.org/737/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.