Vulnerabilities > Leanote > Leanote > 2.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-30 | CVE-2020-26158 | Cross-site Scripting vulnerability in Leanote Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. | 6.8 |
| 2020-09-30 | CVE-2020-26157 | Cross-site Scripting vulnerability in Leanote Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. | 6.8 |