Evernote Chrome²å¼þXSSÎó²îÇ徲ͨ¸æ,ÍþвÇ徲ͨ¸æ,Çå¾²Ñо¿

Ðû²¼Ê±¼ä 2019-06-14

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-12592£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾


ÊÊÓÃÓÚEvernoteµÄChrome²å¼þ£¨Evernote Web Clipper£© < 7.11.1¡£¡£


Îó²î¸ÅÊö


Evernote Web ClipperÊÇÒ»¿îä¯ÀÀÆ÷²å¼þ£¬£¬£¬£¬£¬ËüÊÇÓÐÓ¡ÏóÌõ¼ÇEvernoteÍƳöµÄÒ»¿î¼ô²Ø²å¼þ£¬£¬£¬£¬£¬¿ÉÒÔÒ»¼üÕä²ØÖÖÖÖÍøҳͼÎÄ£¬£¬£¬£¬£¬²¢ÓÀÊÀÉúÑĽøEvernote¡£¡£Í¬Ê±£¬£¬£¬£¬£¬»¹ÄÜÑ¡ÔñÉúÑÄÍøÒ³ÕýÎÄ¡¢Òþ²Ø¹ã¸æ¡¢Õû¸öÒ³Ãæ¡¢ÍøÒ³½ØÆÁµÈ£¬£¬£¬£¬£¬ÈÃÄãƾ֤²î±ðÐèÇ󣬣¬£¬£¬£¬Ñ¡ÔñÉúÑÄÄÚÈÝ¡£¡£


EvernoteµÄChrome²å¼þ£¨Evernote Web Clipper£©Öб£´æÒ»¸öÑÏÖصÄXSSÎó²î£¬£¬£¬£¬£¬¿ÉÔÊÐí¹¥»÷Õß»á¼ûÓû§ÔÚµÚÈý·½Ð§ÀÍÖеÄÃô¸ÐÐÅÏ¢¡£¡£¸ÃÎó²î£¨CVE-2019-12592£©ÊôÓÚ²å¼þÖеıàÂëÂß¼­¹ýʧ£¬£¬£¬£¬£¬¿ÉÈƹýä¯ÀÀÆ÷µÄͬԴսÂÔ£¬£¬£¬£¬£¬Ê¹µÃ¹¥»÷Õß»á¼ûµÚÈý·½Ð§À͵ÄÃô¸ÐÓû§ÐÅÏ¢£¬£¬£¬£¬£¬°üÀ¨Éí·ÝÑéÖ¤ÐÅÏ¢¡¢²ÆÎñÐÅÏ¢¡¢É罻ýÌå̸ÌìÐÅÏ¢¡¢µç×ÓÓʼþÐÅÏ¢µÈ¡£¡£


Îó²îÑéÖ¤


POC£ºhttps://guard.io/blog/evernote-universal-xss-vulnerability¡£¡£


ÐÞ¸´½¨Òé


ÏÖÔÚ³§ÉÌÒÑÐû²¼Ð°汾ÒÔÐÞ¸´Îó²î£¬£¬£¬£¬£¬½¨ÒéÓû§¸üÐÂÖÁ7.11.1¼°¸ü¸ß°æ±¾¡£¡£


²Î¿¼Á´½Ó


https://www.bleepingcomputer.com/news/security/critical-flaw-in-evernote-add-on-exposed-sensitive-data-of-millions/