logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

CVE-2021-33295 joplin

Package

Manager: npm
Name: joplin
Vulnerable Version: >=0 <1.8.5

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0025 pctl0.48078

Details

Joplin Cross Site Scripting Vulnerability via NOSCRIPT tags Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute aribrary code due to improper sanitizing of html.

Metadata

Created: 2022-06-17T00:01:21Z
Modified: 2024-04-23T17:43:32Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-phj8-2p6x-hq5r/GHSA-phj8-2p6x-hq5r.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-phj8-2p6x-hq5r
Finding: F008
Auto approve: 1