1 results (0.003 seconds)
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-43721
https://notcve.org/view.php?id=CVE-2021-43721
Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload : <video src=x onerror=(function(){require('child_process').exec('calc');})();> Leanote versión 2.7.0, es vulnerable a un ataque de tipo Cross Site Scripting (XSS) en la nota de tipo markdown. Esto conlleva a una ejecución de código remota con carga útil : (video src=x onerror=(function(){require("child_process").exec("calc");})();) • https://github.com/leanote/desktop-app/issues/364 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •