Cross-site scripting (XSS) vulnerability in Notes in Apple OS X prior to 10.11 allows local users to inject arbitrary web script or HTML via crafted text.
apple mac os x