The exploit developed by the researchers showed that malicious websites can be loaded with harmful payloads which compromise information through Evernote’s internal infrastructure. Marked as CVE-2019-12592, the flaw left sensitive information of around 4.6 million Evernote users vulnerable.

According to Guardio’s security researchers, the UXSS flaw was the result of a logical coding error along with an input sanitization issue in the Web Clipper extension. Additionally, a proof-of-concept (PoC) devised by the company showed that Web Clipper could be exploited to gain sensitive information such as financial transaction history, private shopping lists, and more.

Security firm Guardio came across this flaw in the extension last month. The flaw, which is a Universal Cross-site Scripting (UXSS) vulnerability, could permit attackers to access sensitive user information from malicious third-party websites. The flaw existed in the Chrome extension of Evernote Web Clipper.

A critical flaw in Evernote’s Web Clipper extension had exposed user data of millions of Evernote users. It is estimated that the issue affected around 4.6 million users at the time of its discovery.