CVE-2019-12592

A universal Cross-site scripting (UXSS) vulnerability in the Evernote Web Clipper extension before 7.11.1 for Chrome allows remote attackers to run arbitrary web script or HTML in the context of any loaded 3rd-party IFrame.
Configurations

Configuration 1 (hide)

cpe:2.3:a:evernote:web_clipper:*:*:*:*:*:chrome:*:*

History

21 Nov 2024, 04:23

Type Values Removed Values Added
References () https://www.cyberscoop.com/evernote-patches-flaw-google-chrome-extension/ - Press/Media Coverage, Third Party Advisory () https://www.cyberscoop.com/evernote-patches-flaw-google-chrome-extension/ - Press/Media Coverage, Third Party Advisory
References () https://www.techrepublic.com/article/evernote-chrome-extension-vulnerability-allowed-attackers-to-steal-4-7m-users-data/ - Press/Media Coverage, Third Party Advisory () https://www.techrepublic.com/article/evernote-chrome-extension-vulnerability-allowed-attackers-to-steal-4-7m-users-data/ - Press/Media Coverage, Third Party Advisory

Information

Published : 2019-06-18 21:15

Updated : 2024-11-21 04:23


NVD link : CVE-2019-12592

Mitre link : CVE-2019-12592

CVE.ORG link : CVE-2019-12592


JSON object : View

Products Affected

evernote

  • web_clipper
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')