Joplin Cross Site Scripting Vulnerability via NOSCRIPT tags

Description

Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute aribrary code due to improper sanitizing of html.

Recommendation

Update the joplin package to the latest compatible version. Followings are version details:

• Affected version(s): < 1.8.5
• Patched version(s): 1.8.5

References

• GHSA-phj8-2p6x-hq5r
• the-it-wonders.blogspot.com
• CVE-2021-33295
• CWE-79
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• Vditor Cross-site Scripting vulnerability - CVE-2021-32855
• textAngular Cross-site Scripting vulnerability - CVE-2021-32854
• Parse Server has a Cross-Site Scripting (XSS) vulnerability via Unescaped Mustache Template Variables - CVE-2025-68115
• @dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details - CVE-2022-39350

You might also like:

How do hackers hack websites?

CSRF, XXE, and 12 Other Security Acronyms Explained

Exploiting Server Version Disclosure

Tags:

npm

joplin