CVE-2021-4263

Name of the Vulnerable Software and Affected Versions leanote version 2.6.1

Description A problematic issue has been found in leanote, affecting the function define of the file public/js/plugins/history.js. The manipulation of the content argument leads to cross-site scripting. The attack may be initiated remotely.

Recommendations For leanote version 2.6.1, it is recommended to apply a patch to fix this issue. As a temporary workaround, consider disabling the function define of the file public/js/plugins/history.js until a patch is available. Restrict access to the content argument to minimize the risk of exploitation.