CVE-2018-18553by Jeremyin Security Bulletinson Posted on October 22, 2018 Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the “likes” page.