Vulnerabilities/

Cross-site Scripting in Joplin

Severity:: Medium

Description

An XSS issue in Joplin desktop allows arbitrary code execution via a malicious HTML embed tag.

Recommendation

Update the joplin package to the latest compatible version. Followings are version details:

Affected version(s): >= 1.0.190, < 1.1.7
Patched version(s): 1.1.7

References

Related Issues

Tags:: npm; joplin

Anything's wrong? Let us know Last updated on January 29, 2023