Desktop App
by Leanote
Source repositories
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-0849 | Med | 0.33 | 5.0 | 0.00 | Feb 7, 2024 | Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR. | ||
| CVE-2021-43721 | 0.00 | — | 0.01 | Mar 28, 2022 | Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload : | |||
| CVE-2017-1000492 | 0.00 | — | 0.01 | Jan 3, 2018 | Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration |
- risk 0.33cvss 5.0epss 0.00
Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR.
- CVE-2021-43721Mar 28, 2022risk 0.00cvss —epss 0.01
Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload :
- CVE-2017-1000492Jan 3, 2018risk 0.00cvss —epss 0.01
Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration