CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18553
https://notcve.org/view.php?id=CVE-2018-18553
Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the "likes" page. Leanote 2.6.1 tiene Cross-Site Scripting (XSS) mediante el campo Blog Basic Setting title, que se gestiona de manera incorrecta durante el renderizado de la página "likes". • https://github.com/leanote/leanote/issues/822 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-1000459
https://notcve.org/view.php?id=CVE-2017-1000459
Leanote version <= 2.5 is vulnerable to XSS due to not sanitized input in markdown notes Leanote, en versiones iguales o anteriores a 2.5, es vulnerable a XSS debido a las entradas no saneadas en las notas markdown. • https://github.com/leanote/leanote/issues/676 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •