In May 2019 Guardio’s research team has discovered a critical vulnerability in Evernote Web Clipper for Chrome. A logical coding error made it possible to break domain-isolation mechanisms and execute code on behalf of the user – granting access to sensitive user information. Financials, social media, personal emails, and more are all natural targets. The Universal XSS vulnerability was marked as CVE-2019-12592. The vulnerability directly impacts third party services and is not limited to a persons account.”]
Source: https://guard.io/blog/evernote-universal-xss-vulnerability