Vulnerabilities > Leanote > Leanote > 2.6.1

DATE CVE VULNERABILITY TITLE RISK
2022-12-21 CVE-2021-4263 Cross-site Scripting vulnerability in Leanote 2.6.1
A vulnerability, which was classified as problematic, has been found in leanote 2.6.1.
network
low complexity
leanote CWE-79
6.1
6.1
2020-09-30 CVE-2020-26158 Cross-site Scripting vulnerability in Leanote
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered.
network
leanote CWE-79
6.8
6.8
2020-09-30 CVE-2020-26157 Cross-site Scripting vulnerability in Leanote
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing.
network
leanote CWE-79
6.8
6.8
2018-10-22 CVE-2018-18553 Cross-site Scripting vulnerability in Leanote 2.6.1
Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the "likes" page.
network
leanote CWE-79
4.3
4.3