CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37298
https://notcve.org/view.php?id=CVE-2023-37298
Joplin before 2.11.5 allows XSS via a USE element in an SVG document. • https://github.com/laurent22/joplin/commit/caf66068bfc474bbfd505013076ed173cd90ca83 https://github.com/laurent22/joplin/releases/tag/v2.11.5 https://vuln.ryotak.net/advisories/69 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37299
https://notcve.org/view.php?id=CVE-2023-37299
Joplin before 2.11.5 allows XSS via an AREA element of an image map. • https://github.com/laurent22/joplin/commit/9e90d9016daf79b5414646a93fd369aedb035071 https://github.com/laurent22/joplin/releases/tag/v2.11.5 https://vuln.ryotak.net/advisories/68 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45598
https://notcve.org/view.php?id=CVE-2022-45598
Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.17 allows attacker to execute arbitrary code via improper santization. Una vulnerabilidad de cross site scripting en la aplicación de escritorio Joplin anterior a v2.9.17 permite a un atacante ejecutar código arbitrario mediante una sanitización inadecuada. • https://github.com/laurent22/joplin/commit/a2de167b95debad83a0f0c7925a88c0198db812e https://github.com/laurent22/joplin/releases/tag/v2.9.17 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-33295
https://notcve.org/view.php?id=CVE-2021-33295
Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute aribrary code due to improper sanitizing of html. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en Joplin Desktop App versiones anteriores a 1.8.5, permite a atacantes ejecutar código arbitrario debido a un saneo inapropiado del html • https://github.com/laurent22/joplin/commit/9c20d5947d1fa4678a8b640792ff3d31224f0adf https://github.com/laurent22/joplin/releases/tag/v1.8.5 https://the-it-wonders.blogspot.com/2021/05/joplin-app-desktop-version-vulnerable.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23431 – Cross-site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2021-23431
The package joplin before 2.3.2 are vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms. El paquete joplin versiones anteriores a 2.3.2, es vulnerable a un ataque de tipo Cross-site Request Forgery (CSRF) debido a que faltan comprobaciones de tipo CSRF en varios formularios. • https://github.com/laurent22/joplin/commit/19b45de2981c09f6f387498ef96d32b4811eba5e https://snyk.io/vuln/SNYK-JS-JOPLIN-1325537 • CWE-352: Cross-Site Request Forgery (CSRF) •