CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-23745
https://notcve.org/view.php?id=CVE-2024-23745
In Notion Web Clipper 1.0.3(7), a .nib file is susceptible to the Dirty NIB attack. NIB files can be manipulated to execute arbitrary commands. Additionally, even if a NIB file is modified within an application, Gatekeeper may still permit the execution of the application, enabling the execution of arbitrary commands within the application's context. NOTE: the vendor's perspective is that this is simply an instance of CVE-2022-48505, cannot properly be categorized as a product-level vulnerability, and cannot have a product-level fix because it is about incorrect caching of file signatures on macOS. En Notion Web Clipper 1.0.3(7), un archivo .nib es susceptible al ataque Dirty NIB. • https://github.com/louiselalanne/CVE-2024-23745 https://blog.xpnsec.com/dirtynib https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md#Why-arent-physically_local-attacks-in-Chromes-threat-model • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12592
https://notcve.org/view.php?id=CVE-2019-12592
A universal Cross-site scripting (UXSS) vulnerability in the Evernote Web Clipper extension before 7.11.1 for Chrome allows remote attackers to run arbitrary web script or HTML in the context of any loaded 3rd-party IFrame. Existe una vulnerabilidad de tipo universal Cross-site scripting (UXSS) en la Evernote Web Clipper extensión anterior 7.11.1 para Chrome permite a los atacantes remotos ejecutar script web o HTML arbitrarios en el contexto de cualquier IFrame de tercero cargado • https://www.cyberscoop.com/evernote-patches-flaw-google-chrome-extension https://www.techrepublic.com/article/evernote-chrome-extension-vulnerability-allowed-attackers-to-steal-4-7m-users-data • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •