Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration