Threat Encyclopedia

Security Vulnerability CVE-2018-18524 for Evernote


Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can use this XSS issue to inject Node.js code under Present mode. After a victim opens an affected note under Present mode, the attacker can read the victim's files and achieve remote execution command on the victim's computer.

affected-products-logoAffected Products


CVE References