CVE-2018-18524 (evernote)

Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can use this XSS issue to inject Node.js code under Present mode. After a victim opens an affected note under Present mode, the attacker can read the victim’s files and achieve remote execution command on the victim’s computer.
Source: NIST
CVE-2018-18524 (evernote)