CVE-2020-26158: XSS
First published: Wed Sep 30 2020(Updated: )
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node integration.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Leanote Leanote | <=2.6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-26158?
CVE-2020-26158 is a vulnerability in Leanote Desktop version 2.6.2 that allows cross-site scripting (XSS) attacks.
How severe is CVE-2020-26158?
CVE-2020-26158 has a severity rating of 9.6 (critical).
How does CVE-2020-26158 occur?
CVE-2020-26158 occurs due to mishandling of a note's title when the batch feature is triggered in Leanote Desktop.
What is the impact of CVE-2020-26158?
CVE-2020-26158 can lead to remote code execution because of Node integration.
Is there a fix for CVE-2020-26158?
At the moment, there is no known fix for CVE-2020-26158. It is recommended to update to the latest version of Leanote Desktop when a fix becomes available.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/leanote
- canonical/leanote leanote
- version/leanote leanote/2.6.2