Description
Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute aribrary code due to improper sanitizing of html.
Recommendation
Update the joplin package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.8.5
- Patched version(s): 1.8.5
References
- GHSA-phj8-2p6x-hq5r
- the-it-wonders.blogspot.com
- CVE-2021-33295
- CWE-79
- CAPEC-310
- OWASP 2021-A3
- OWASP 2021-A6
Related Issues
- Joplin Vulnerable to Cross-site Scripting in Note Content - CVE-2018-1000534
- Remote Code Execution on click of <a> Link in markdown preview - CVE-2024-49362
- Joplin Remote Code Execution - CVE-2022-40277
- Potential XSS vulnerability in jQuery (GHSA-gxr4-xjj5-5px2) - CVE-2020-11022
- Tags:
- npm
- joplin
Anything's wrong? Let us know Last updated on April 23, 2024