CVE-2021-33295

Опубликовано: 16 июн. 2022

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute aribrary code due to improper sanitizing of html.

Ссылки

https://github.com/laurent22/joplin/commit/9c20d5947d1fa4678a8b640792ff3d31224f0adf
Patch
Third Party Advisory
https://github.com/laurent22/joplin/releases/tag/v1.8.5
Release Notes
Third Party Advisory
https://the-it-wonders.blogspot.com/2021/05/joplin-app-desktop-version-vulnerable.html
Exploit
Third Party Advisory
https://github.com/laurent22/joplin/commit/9c20d5947d1fa4678a8b640792ff3d31224f0adf
Patch
Third Party Advisory
https://github.com/laurent22/joplin/releases/tag/v1.8.5
Release Notes
Third Party Advisory
https://the-it-wonders.blogspot.com/2021/05/joplin-app-desktop-version-vulnerable.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:joplin_project:joplin:*:*:*:*:*:-:*:*

Версия до 1.8.5 (исключая)

EPSS

Процентиль: 49%

0.00263

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-phj8-2p6x-hq5r