CVE-2020-26157: XSS
First published: Wed Sep 30 2020(Updated: )
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. This leads to remote code execution because of Node integration.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Leanote Leanote | <=2.6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-26157?
CVE-2020-26157 is a vulnerability in Leanote Desktop through version 2.6.2 that allows for XSS (Cross-Site Scripting) attacks.
What is the severity of CVE-2020-26157?
The severity of CVE-2020-26157 is critical, with a severity value of 9.6.
How does CVE-2020-26157 occur?
CVE-2020-26157 occurs when a note's title is mishandled during syncing in Leanote Desktop.
What is the impact of CVE-2020-26157?
The impact of CVE-2020-26157 is remote code execution due to Node integration.
How can I mitigate CVE-2020-26157?
To mitigate CVE-2020-26157, it is recommended to update Leanote Desktop to version 2.6.3 or later.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/leanote
- canonical/leanote leanote
- version/leanote leanote/2.6.2