Evernote for Windows patch resolves stored XSS vulnerability

Evernote has patched a flaw in the Microsoft Windows version of the app that permitted stored XSS attacks.

The vulnerability, CVE-2018-18524, has been resolved in Evernote for Windows 6.16.1 beta.

The main security flaw impacted Evernote for Windows 6.14 and was discovered by TongQing Zhu from the Knownsec 404 team.

As described in a blog post last week, the cross-site scripting (XSS) issue came to light because local files, including win.ini and calc.exe, could be read.

Evernote permitted the use of characters and phrases such as “onclick = “alert(1) ” when renaming and opening image files, and it


Read full article » https://www.zdnet.com/article/evernote-for-windows-patch-resolves-stored-xss-vulnerability/#ftag=RSSbaffb68
