Security expert that goes online with the moniker @sebao has discovered a stored cross-site scripting (XSS) vulnerability in the Evernote application for Windows that could be exploited by an attacker to steal files and execute arbitrary commands. The flaw was tracked as CVE-2018-18524 and was initially addressed with the release of Evernotes for Windows 6.16.1 beta in October. The final patch was released earlier this month with the. release of the final patch.”]
Source: https://securityaffairs.co/wordpress/77789/hacking/evernote-xss-flaw.html