Vulnerabilities > Leanote
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-07 | CVE-2024-0849 | Path Traversal vulnerability in Leanote Desktop 2.7.0 Leanote version 2.7.0 allows obtaining arbitrary local files. | 5.5 |
| 2022-12-21 | CVE-2021-4263 | Cross-site Scripting vulnerability in Leanote 2.6.1 A vulnerability, which was classified as problematic, has been found in leanote 2.6.1. | 6.1 |
| 2022-03-28 | CVE-2021-43721 | Cross-site Scripting vulnerability in Leanote 2.7.0 Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. | 4.3 |
| 2020-09-30 | CVE-2020-26158 | Cross-site Scripting vulnerability in Leanote Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. | 6.8 |
| 2020-09-30 | CVE-2020-26157 | Cross-site Scripting vulnerability in Leanote Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. | 6.8 |
| 2019-07-11 | CVE-2019-1010003 | Cross-site Scripting vulnerability in Leanote Leanote prior to version 2.6 is affected by: Cross Site Scripting (XSS). | 3.5 |
| 2018-10-22 | CVE-2018-18553 | Cross-site Scripting vulnerability in Leanote 2.6.1 Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the "likes" page. | 4.3 |
| 2018-01-03 | CVE-2017-1000492 | Cross-site Scripting vulnerability in Leanote Desktop 2.5 Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration | 4.3 |
| 2018-01-03 | CVE-2017-1000459 | Cross-site Scripting vulnerability in Leanote Leanote version <= 2.5 is vulnerable to XSS due to not sanitized input in markdown notes | 4.3 |