2019-05-13 13:02:05
mitre
PUBLISHED
Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can use this XSS issue to inject Node.js code under Present mode. After a victim opens an affected note under Present mode, the attacker can read the victims files and achieve remote execution command on the victims computer.