Leanote
Products
3- 8 CVEs
- 4 CVEs
- 1 CVE
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-26158 | Cri | 0.63 | 9.6 | 0.02 | Sep 30, 2020 | Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node integration. | ||
| CVE-2020-26157 | Cri | 0.63 | 9.6 | 0.02 | Sep 30, 2020 | Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. This leads to remote code execution because of Node integration. | ||
| CVE-2021-43721 | Med | 0.40 | 6.1 | 0.01 | Mar 28, 2022 | Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload : | ||
| CVE-2019-1010003 | Med | 0.40 | 6.1 | 0.01 | Jul 11, 2019 | Leanote prior to version 2.6 is affected by: Cross Site Scripting (XSS). | ||
| CVE-2018-18553 | Med | 0.40 | 6.1 | 0.01 | Oct 22, 2018 | Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the "likes" page. | ||
| CVE-2017-1000459 | Med | 0.40 | 6.1 | 0.01 | Jan 3, 2018 | Leanote version <= 2.5 is vulnerable to XSS due to not sanitized input in markdown notes | ||
| CVE-2024-0849 | Med | 0.33 | 5.0 | 0.00 | Feb 7, 2024 | Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR. | ||
| CVE-2021-4263 | Low | 0.16 | 3.5 | 0.01 | Dec 21, 2022 | A vulnerability, which was classified as problematic, has been found in leanote 2.6.1. This issue affects the function define of the file public/js/plugins/history.js. The manipulation of the argument content leads to cross site scripting. The attack may be initiated remotely.… | ||
| CVE-2017-1000492 | Med | 0.00 | 6.1 | 0.01 | Jan 3, 2018 | Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration |
- risk 0.63cvss 9.6epss 0.02
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node integration.
- risk 0.63cvss 9.6epss 0.02
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. This leads to remote code execution because of Node integration.
- risk 0.40cvss 6.1epss 0.01
Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload :
- risk 0.40cvss 6.1epss 0.01
Leanote prior to version 2.6 is affected by: Cross Site Scripting (XSS).
- risk 0.40cvss 6.1epss 0.01
Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the "likes" page.
- risk 0.40cvss 6.1epss 0.01
Leanote version <= 2.5 is vulnerable to XSS due to not sanitized input in markdown notes
- risk 0.33cvss 5.0epss 0.00
Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR.
- risk 0.16cvss 3.5epss 0.01
A vulnerability, which was classified as problematic, has been found in leanote 2.6.1. This issue affects the function define of the file public/js/plugins/history.js. The manipulation of the argument content leads to cross site scripting. The attack may be initiated remotely.…
- risk 0.00cvss 6.1epss 0.01
Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration