CVE-2020-26157

Published September 30th, 2020

View on NVD ↗

CVSS v3

9.6

CRITICAL

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. This leads to remote code execution because of Node integration.

leanote/desktop-app

Leanote Desktop App, based on Electron(atom-shell) http://leanote.org

GitHub

1.56K