CVE-2018-18524

Name of the Vulnerable Software and Affected Versions Evernote version 6.15

Description The issue is related to an incorrectly repaired stored XSS vulnerability. An attacker can exploit this to inject Node.js code under Present mode. After a victim opens an affected note under Present mode, the attacker can read the victim's files and achieve remote execution of commands on the victim's computer.

Recommendations For Evernote version 6.15, consider disabling the Present mode feature until a patch is available to prevent exploitation of the stored XSS vulnerability. Restrict access to sensitive files and avoid opening notes from untrusted sources to minimize the risk of remote command execution.