VYPR
Vendor

Leanote

Products
3
CVEs
9
Across products
13
Status
Private

Products

3

Recent CVEs

9
  • CVE-2020-26158CriSep 30, 2020
    risk 0.63cvss 9.6epss 0.02

    Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node integration.

  • CVE-2020-26157CriSep 30, 2020
    risk 0.63cvss 9.6epss 0.02

    Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. This leads to remote code execution because of Node integration.

  • CVE-2021-43721MedMar 28, 2022
    risk 0.40cvss 6.1epss 0.01

    Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload :

  • CVE-2019-1010003MedJul 11, 2019
    risk 0.40cvss 6.1epss 0.01

    Leanote prior to version 2.6 is affected by: Cross Site Scripting (XSS).

  • CVE-2018-18553MedOct 22, 2018
    risk 0.40cvss 6.1epss 0.01

    Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the "likes" page.

  • CVE-2017-1000459MedJan 3, 2018
    risk 0.40cvss 6.1epss 0.01

    Leanote version <= 2.5 is vulnerable to XSS due to not sanitized input in markdown notes

  • CVE-2024-0849MedFeb 7, 2024
    risk 0.33cvss 5.0epss 0.00

    Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR.

  • CVE-2021-4263LowDec 21, 2022
    risk 0.16cvss 3.5epss 0.01

    A vulnerability, which was classified as problematic, has been found in leanote 2.6.1. This issue affects the function define of the file public/js/plugins/history.js. The manipulation of the argument content leads to cross site scripting. The attack may be initiated remotely.…

  • CVE-2017-1000492MedJan 3, 2018
    risk 0.00cvss 6.1epss 0.01

    Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration