Security News > 2019 > June > Evernote Chrome extension flaw could have allowed access to personal info

Evernote Chrome extension flaw could have allowed access to personal info
2019-06-13 08:17

Guardio discovered a major flaw in Evernote’s Web Clipper Chrome extension’s code that left it vulnerable, potentially allowing threat actors to access personal information from users’ online services. The vulnerability, a Universal XSS marked CVE-2019-12592, was discovered as part of Guardio’s ongoing security analysis efforts using a combination of internal technology and researchers. Guardio disclosed the vulnerabilities to Evernote during the last week of May, which prompted Evernote to address them and roll out a … More → The post Evernote Chrome extension flaw could have allowed access to personal info appeared first on Help Net Security.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/HaAA5Ip_0K4/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2019-06-18 CVE-2019-12592 Cross-site Scripting vulnerability in Evernote web Clipper
A universal Cross-site scripting (UXSS) vulnerability in the Evernote Web Clipper extension before 7.11.1 for Chrome allows remote attackers to run arbitrary web script or HTML in the context of any loaded 3rd-party IFrame.
network
low complexity
evernote CWE-79
6.1
6.1

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Evernote 3 0 5 6 1 12