Evernote Chrome²å¼þXSSÎó²îÇ徲ͨ¸æ,ÍþвÇ徲ͨ¸æ,Çå¾²Ñо¿

Ðû²¼Ê±¼ä 2019-06-14

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-12592£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾


ÊÊÓÃÓÚEvernoteµÄChrome²å¼þ£¨Evernote Web Clipper£© < 7.11.1¡£¡£¡£¡£¡£¡£


Îó²î¸ÅÊö


Evernote Web ClipperÊÇÒ»¿îä¯ÀÀÆ÷²å¼þ£¬£¬£¬£¬£¬£¬ËüÊÇÓÐÓ¡ÏóÌõ¼ÇEvernoteÍƳöµÄÒ»¿î¼ô²Ø²å¼þ£¬£¬£¬£¬£¬£¬¿ÉÒÔÒ»¼üÕä²ØÖÖÖÖÍøҳͼÎÄ£¬£¬£¬£¬£¬£¬²¢ÓÀÊÀÉúÑĽøEvernote¡£¡£¡£¡£¡£¡£Í¬Ê±£¬£¬£¬£¬£¬£¬»¹ÄÜÑ¡ÔñÉúÑÄÍøÒ³ÕýÎÄ¡¢Òþ²Ø¹ã¸æ¡¢Õû¸öÒ³Ãæ¡¢ÍøÒ³½ØÆÁµÈ£¬£¬£¬£¬£¬£¬ÈÃÄãƾ֤²î±ðÐèÇ󣬣¬£¬£¬£¬£¬Ñ¡ÔñÉúÑÄÄÚÈÝ¡£¡£¡£¡£¡£¡£


EvernoteµÄChrome²å¼þ£¨Evernote Web Clipper£©Öб£´æÒ»¸öÑÏÖصÄXSSÎó²î£¬£¬£¬£¬£¬£¬¿ÉÔÊÐí¹¥»÷Õß»á¼ûÓû§ÔÚµÚÈý·½Ð§ÀÍÖеÄÃô¸ÐÐÅÏ¢¡£¡£¡£¡£¡£¡£¸ÃÎó²î£¨CVE-2019-12592£©ÊôÓÚ²å¼þÖеıàÂëÂß¼­¹ýʧ£¬£¬£¬£¬£¬£¬¿ÉÈƹýä¯ÀÀÆ÷µÄͬԴսÂÔ£¬£¬£¬£¬£¬£¬Ê¹µÃ¹¥»÷Õß»á¼ûµÚÈý·½Ð§À͵ÄÃô¸ÐÓû§ÐÅÏ¢£¬£¬£¬£¬£¬£¬°üÀ¨Éí·ÝÑéÖ¤ÐÅÏ¢¡¢²ÆÎñÐÅÏ¢¡¢É罻ýÌå̸ÌìÐÅÏ¢¡¢µç×ÓÓʼþÐÅÏ¢µÈ¡£¡£¡£¡£¡£¡£


Îó²îÑéÖ¤


POC£ºhttps://guard.io/blog/evernote-universal-xss-vulnerability¡£¡£¡£¡£¡£¡£


ÐÞ¸´½¨Òé


ÏÖÔÚ³§ÉÌÒÑÐû²¼Ð°汾ÒÔÐÞ¸´Îó²î£¬£¬£¬£¬£¬£¬½¨ÒéÓû§¸üÐÂÖÁ7.11.1¼°¸ü¸ß°æ±¾¡£¡£¡£¡£¡£¡£


²Î¿¼Á´½Ó


https://www.bleepingcomputer.com/news/security/critical-flaw-in-evernote-add-on-exposed-sensitive-data-of-millions/