2 results (0.019 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR. La versión 2.7.0 de Leanote permite obtener archivos locales arbitrarios. Esto es posible porque la aplicación es vulnerable a LFR. Leanote version 2.7.0 allows obtaining arbitrary local files. • https://fluidattacks.com/advisories/alesso https://github.com/leanote/desktop-app • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-73: External Control of File Name or Path •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration Leanote-desktop v2.5 es vulnerable to XSS, que conduce a la ejecución de código debido a la integración de nodos habilitada. • https://github.com/leanote/desktop-app/commit/a2ed226637f8e66c9b089784b5e58eccf2e2fb30 https://github.com/leanote/leanote/issues/695 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •