Описание
Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that "<" followed by a non letter character will not be considered html. As such it is possible to do an XSS by putting an "illegal" tag within a tag.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| joplin | itp | package |
EPSS
Процентиль: 68%
0.00556
Низкий
Связанные уязвимости
CVSS3: 9.6
nvd
больше 1 года назад
Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that "<" followed by a non letter character will not be considered html. As such it is possible to do an XSS by putting an "illegal" tag within a tag.
EPSS
Процентиль: 68%
0.00556
Низкий