The host is installed with Evernote through 6.15 and is prone to a stored XSS vulnerability. A flaw is present in the application, which fails to handle crafted javascript code. Successful exploitation could allow remote attackers to read the victim's files and achieve remote execution command on the victim's computer.