Описание
Cross-site Scripting in Joplin
An XSS issue in Joplin desktop allows arbitrary code execution via a malicious HTML embed tag.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-15930
- https://github.com/laurent22/joplin/issues/3552
- https://github.com/laurent22/joplin/commit/57d750bc9aeb0f98d53ed4b924458b54984c15ff
- https://github.com/laurent22/joplin/releases/tag/v1.1.4
- http://packetstormsecurity.com/files/159316/Joplin-1.0.245-Cross-Site-Scripting-Code-Execution.html
Пакеты
Наименование
joplin
npm
Затронутые версииВерсия исправления
>= 1.0.190, < 1.1.7
1.1.7
Связанные уязвимости
CVSS3: 6.1
nvd
больше 5 лет назад
An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary code execution via a malicious HTML embed tag.