Description
Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.17 allows attacker to execute arbitrary code via improper santization.
Recommendation
Update the joplin package to the latest compatible version. Followings are version details:
- Affected version(s): < 2.9.17
- Patched version(s): 2.9.17
References
Related Issues
- Jodit Editor vulnerable to Cross-site Scripting (GHSA-42hx-vrxx-5r6v) - CVE-2022-23461
- Joplin Vulnerable to Cross-site Scripting in Note Content - CVE-2018-1000534
- Joplin vulnerable to Cross-site Scripting in notes - CVE-2021-37916
- Toast UI Grid vulnerable to Cross-site Scripting - CVE-2022-23458
- Tags:
- npm
- joplin
Anything's wrong? Let us know Last updated on February 08, 2023