leanote/desktop-app

leanote/desktop-app

Releases25

Frequency3 months 2 hours

Last Release about 5 years ago

Stars1.56K

Leanote Desktop App, based on Electron(atom-shell) http://leanote.org

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-0849 ↗	Feb 7, 2024Wednesday, 7 February 2024, 03:15	5 MEDIUM	—
Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR.
CVE-2021-43721 ↗	Mar 28, 2022Monday, 28 March 2022, 14:15	6.1 MEDIUM	4.3 MEDIUM
Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload : <video src=x onerror=(function(){require('child_process').exec('calc');})();>
CVE-2020-26157 ↗	Sep 30, 2020Wednesday, 30 September 2020, 18:15	9.6 CRITICAL	6.8 MEDIUM
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. This leads to remote code execution because of Node integration.
CVE-2020-26158 ↗	Sep 30, 2020Wednesday, 30 September 2020, 18:15	9.6 CRITICAL	6.8 MEDIUM
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node integration.
CVE-2017-1000492 ↗	Jan 3, 2018Wednesday, 3 January 2018, 01:29	—	4.3 MEDIUM
Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration