CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39517 – Cross site scripting (XSS) when clicking on an untrusted `<map>` link in Joplin
https://notcve.org/view.php?id=CVE-2023-39517
Joplin is a free, open source note taking and to-do application. A Cross site scripting (XSS) vulnerability in affected versions allows clicking on an untrusted image link to execute arbitrary shell commands. The HTML sanitizer (`packages/renderer/htmlUtils.ts::sanitizeHtml`) preserves `<map>` `<area>` links. However, unlike `<a>` links, the `target` and `href` attributes are not removed. Additionally, because the note preview pane isn't sandboxed to prevent top navigation, links with `target` set to `_top` can replace the toplevel electron page. • https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox https://github.com/laurent22/joplin/commit/7c52c3e9a81a52ef1b42a951f9deb9d378d59b0f https://github.com/laurent22/joplin/security/advisories/GHSA-2h88-m32f-qh5m • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45673 – Arbitrary code execution on click of PDF links in Joplin
https://notcve.org/view.php?id=CVE-2023-45673
Joplin is a free, open source note taking and to-do application. A remote code execution (RCE) vulnerability in affected versions allows clicking on a link in a PDF in an untrusted note to execute arbitrary shell commands. Clicking links in PDFs allows for arbitrary code execution because Joplin desktop: 1. has not disabled top redirection for note viewer iframes, and 2. and has node integration enabled. This is a remote code execution vulnerability that impacts anyone who attaches untrusted PDFs to notes and has the icon enabled. This issue has been addressed in version 2.13.3. • https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox https://github.com/laurent22/joplin/security/advisories/GHSA-g8qx-5vcm-3x59 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37298
https://notcve.org/view.php?id=CVE-2023-37298
Joplin before 2.11.5 allows XSS via a USE element in an SVG document. • https://github.com/laurent22/joplin/commit/caf66068bfc474bbfd505013076ed173cd90ca83 https://github.com/laurent22/joplin/releases/tag/v2.11.5 https://vuln.ryotak.net/advisories/69 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37299
https://notcve.org/view.php?id=CVE-2023-37299
Joplin before 2.11.5 allows XSS via an AREA element of an image map. • https://github.com/laurent22/joplin/commit/9e90d9016daf79b5414646a93fd369aedb035071 https://github.com/laurent22/joplin/releases/tag/v2.11.5 https://vuln.ryotak.net/advisories/68 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45598
https://notcve.org/view.php?id=CVE-2022-45598
Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.17 allows attacker to execute arbitrary code via improper santization. Una vulnerabilidad de cross site scripting en la aplicación de escritorio Joplin anterior a v2.9.17 permite a un atacante ejecutar código arbitrario mediante una sanitización inadecuada. • https://github.com/laurent22/joplin/commit/a2de167b95debad83a0f0c7925a88c0198db812e https://github.com/laurent22/joplin/releases/tag/v2.9.17 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •