GHSA-phj8-2p6x-hq5r

Опубликовано: 17 июн. 2022

Источник: github

Github: Прошло ревью

CVSS3: 5.4

Описание

Joplin Cross Site Scripting Vulnerability via NOSCRIPT tags

Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute aribrary code due to improper sanitizing of html.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2021-33295
https://github.com/laurent22/joplin/commit/9c20d5947d1fa4678a8b640792ff3d31224f0adf
https://github.com/laurent22/joplin/releases/tag/v1.8.5
https://the-it-wonders.blogspot.com/2021/05/joplin-app-desktop-version-vulnerable.html

Пакеты

Наименование

joplin

npm

Затронутые версииВерсия исправления

< 1.8.5

1.8.5

EPSS

Процентиль: 49%

0.00263

Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2021-33295

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-33295

CVSS3: 5.4

nvd

больше 3 лет назад

Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute aribrary code due to improper sanitizing of html.

EPSS

Процентиль: 49%

0.00263

Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2021-33295

Дефекты

CWE-79