Description
Joplin through 1.0.184 allows Arbitrary File Read via Cross-site Scripting (XSS).
Recommendation
Update the joplin package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.2.1
- Patched version(s): 1.2.1
References
Related Issues
- Cross-site scripting in Joplin (GHSA-q26w-wjj2-22vv) - CVE-2020-28249
- Cross-site scripting in jspdf (GHSA-vh59-v9r5-4mh4) - CVE-2020-7690
- Cross-site Scripting in dompurify (GHSA-63q7-h895-m982) - CVE-2020-26870
- Cross-Site Scripting in Prism (GHSA-wvhm-4hhf-97x9) - CVE-2020-15138
- Tags:
- npm
- joplin
Anything's wrong? Let us know Last updated on February 01, 2023