Description
Joplin allows XSS via a LINK element in a note.
Recommendation
Update the joplin package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.3.11
- Patched version(s): 1.3.11
References
Related Issues
- Cross-site Scripting in Joplin (GHSA-6r7x-hc8m-985r) - CVE-2020-9038
- Cross-site scripting in jspdf (GHSA-vh59-v9r5-4mh4) - CVE-2020-7690
- Cross-site Scripting in Joplin - CVE-2020-15930
- Joplin Cross-site Scripting vulnerability (GHSA-7grw-xfx6-qhx6) - CVE-2023-37298
- Tags:
- npm
- joplin
Anything's wrong? Let us know Last updated on February 01, 2023