CVE-2019-1010003
https://notcve.org/view.php?id=CVE-2019-1010003
Leanote prior to version 2.6 is affected by: Cross Site Scripting (XSS). Leanote versiones anterior a versión 2.6, esta afectado por: una vulnerabilidad de tipo Cross Site Scripting (XSS). • https://github.com/leanote/leanote/issues/719 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-18553
https://notcve.org/view.php?id=CVE-2018-18553
Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the "likes" page. Leanote 2.6.1 tiene Cross-Site Scripting (XSS) mediante el campo Blog Basic Setting title, que se gestiona de manera incorrecta durante el renderizado de la página "likes". • https://github.com/leanote/leanote/issues/822 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-1000492
https://notcve.org/view.php?id=CVE-2017-1000492
Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration Leanote-desktop v2.5 es vulnerable to XSS, que conduce a la ejecución de código debido a la integración de nodos habilitada. • https://github.com/leanote/desktop-app/commit/a2ed226637f8e66c9b089784b5e58eccf2e2fb30 https://github.com/leanote/leanote/issues/695 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-1000459
https://notcve.org/view.php?id=CVE-2017-1000459
Leanote version <= 2.5 is vulnerable to XSS due to not sanitized input in markdown notes Leanote, en versiones iguales o anteriores a 2.5, es vulnerable a XSS debido a las entradas no saneadas en las notas markdown. • https://github.com/leanote/leanote/issues/676 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •