Leanote
by Leanote
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-0849 | | Med | 0.33 | 5.0 | 0.00 | | Feb 7, 2024 | Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR. |
| CVE-2021-4263 | | | 0.00 | — | 0.01 | | Dec 21, 2022 | A vulnerability, which was classified as problematic, has been found in leanote 2.6.1. This issue affects the function define of the file public/js/plugins/history.js. The manipulation of the argument content leads to cross site scripting. The attack may be initiated remotely.… |
| CVE-2021-43721 | | | 0.00 | — | 0.01 | | Mar 28, 2022 | Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload : |
| CVE-2019-1010003 | | | 0.00 | — | 0.01 | | Jul 11, 2019 | Leanote prior to version 2.6 is affected by: Cross Site Scripting (XSS). |
| CVE-2018-18553 | | | 0.00 | — | 0.01 | | Oct 22, 2018 | Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the "likes" page. |
| CVE-2017-1000459 | | | 0.00 | — | 0.01 | | Jan 3, 2018 | Leanote version <= 2.5 is vulnerable to XSS due to not sanitized input in markdown notes |