Threat Encyclopedia

Security Vulnerability CVE-2018-18524 for Evernote

description-logoDescription

Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can use this XSS issue to inject Node.js code under Present mode. After a victim opens an affected note under Present mode, the attacker can read the victim's files and achieve remote execution command on the victim's computer.

affected-products-logoAffected Products

Evernote

CVE References

CVE-2018-18524