Description
Joplin before 2.0.9 allows Cross-site Scripting via button and form in the note body.
Recommendation
Update the joplin package to the latest compatible version. Version details:
- Affected version(s): < 2.0.9
- Patched version(s): 2.0.9
References
Related Issues
- Joplin Desktop App vulnerable to Cross-site Scripting - CVE-2022-45598
- Joplin Vulnerable to Cross-site Scripting in Note Content - CVE-2018-1000534
- vditor Vulnerable to Cross-site Scripting in SVG events - CVE-2021-4103
- Joplin Cross Site Scripting Vulnerability via NOSCRIPT tags - CVE-2021-33295
Tags: npm, joplin
Last updated on April 23, 2024