Vulnerabilites related to joplin_project - joplin
CVE-2024-49362 (GCVE-0-2024-49362)
Vulnerability from cvelistv5
Published
2024-11-14 17:37
Modified
2024-11-14 21:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on an <a> link within untrusted notes. The issue arises due to insufficient sanitization of <a> tag attributes introduced by the Mermaid. This vulnerability allows the execution of untrusted HTML content within the Electron window, which has full access to Node.js APIs, enabling arbitrary shell command execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/laurent22/joplin/security/advisories/GHSA-hff8-hjwv-j9q7 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:joplinapp:joplin:*:*:*:*:*:node.js:*:*"
],
"defaultStatus": "unknown",
"product": "joplin",
"vendor": "joplinapp",
"versions": [
{
"lessThan": "3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49362",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T21:38:47.636782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T21:39:43.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "joplin",
"vendor": "laurent22",
"versions": [
{
"status": "affected",
"version": "\u003c 3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on an \u003ca\u003e link within untrusted notes. The issue arises due to insufficient sanitization of \u003ca\u003e tag attributes introduced by the Mermaid. This vulnerability allows the execution of untrusted HTML content within the Electron window, which has full access to Node.js APIs, enabling arbitrary shell command execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T17:37:09.700Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/laurent22/joplin/security/advisories/GHSA-hff8-hjwv-j9q7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-hff8-hjwv-j9q7"
}
],
"source": {
"advisory": "GHSA-hff8-hjwv-j9q7",
"discovery": "UNKNOWN"
},
"title": "Remote Code Execution on click of \u003ca\u003e Link in markdown preview"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-49362",
"datePublished": "2024-11-14T17:37:09.700Z",
"dateReserved": "2024-10-14T13:56:34.810Z",
"dateUpdated": "2024-11-14T21:39:43.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33295 (GCVE-0-2021-33295)
Vulnerability from cvelistv5
Published
2022-06-16 20:36
Modified
2024-08-03 23:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute aribrary code due to improper sanitizing of html.
References
| ▼ | URL | Tags |
|---|---|---|
| https://the-it-wonders.blogspot.com/2021/05/joplin-app-desktop-version-vulnerable.html | x_refsource_MISC | |
| https://github.com/laurent22/joplin/releases/tag/v1.8.5 | x_refsource_MISC | |
| https://github.com/laurent22/joplin/commit/9c20d5947d1fa4678a8b640792ff3d31224f0adf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:20.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://the-it-wonders.blogspot.com/2021/05/joplin-app-desktop-version-vulnerable.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laurent22/joplin/releases/tag/v1.8.5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laurent22/joplin/commit/9c20d5947d1fa4678a8b640792ff3d31224f0adf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute aribrary code due to improper sanitizing of html."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-16T20:36:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://the-it-wonders.blogspot.com/2021/05/joplin-app-desktop-version-vulnerable.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laurent22/joplin/releases/tag/v1.8.5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laurent22/joplin/commit/9c20d5947d1fa4678a8b640792ff3d31224f0adf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-33295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute aribrary code due to improper sanitizing of html."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://the-it-wonders.blogspot.com/2021/05/joplin-app-desktop-version-vulnerable.html",
"refsource": "MISC",
"url": "https://the-it-wonders.blogspot.com/2021/05/joplin-app-desktop-version-vulnerable.html"
},
{
"name": "https://github.com/laurent22/joplin/releases/tag/v1.8.5",
"refsource": "MISC",
"url": "https://github.com/laurent22/joplin/releases/tag/v1.8.5"
},
{
"name": "https://github.com/laurent22/joplin/commit/9c20d5947d1fa4678a8b640792ff3d31224f0adf",
"refsource": "MISC",
"url": "https://github.com/laurent22/joplin/commit/9c20d5947d1fa4678a8b640792ff3d31224f0adf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33295",
"datePublished": "2022-06-16T20:36:16",
"dateReserved": "2021-05-20T00:00:00",
"dateUpdated": "2024-08-03T23:42:20.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37299 (GCVE-0-2023-37299)
Vulnerability from cvelistv5
Published
2023-06-30 00:00
Modified
2024-11-27 15:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Joplin before 2.11.5 allows XSS via an AREA element of an image map.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:09:34.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/laurent22/joplin/releases/tag/v2.11.5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/laurent22/joplin/commit/9e90d9016daf79b5414646a93fd369aedb035071"
},
{
"tags": [
"x_transferred"
],
"url": "https://vuln.ryotak.net/advisories/68"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37299",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T15:29:00.534673Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T15:29:11.619Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Joplin before 2.11.5 allows XSS via an AREA element of an image map."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-30T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/laurent22/joplin/releases/tag/v2.11.5"
},
{
"url": "https://github.com/laurent22/joplin/commit/9e90d9016daf79b5414646a93fd369aedb035071"
},
{
"url": "https://vuln.ryotak.net/advisories/68"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-37299",
"datePublished": "2023-06-30T00:00:00",
"dateReserved": "2023-06-30T00:00:00",
"dateUpdated": "2024-11-27T15:29:11.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28249 (GCVE-0-2020-28249)
Vulnerability from cvelistv5
Published
2020-11-06 06:05
Modified
2024-08-04 16:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/laurent22/joplin/releases | x_refsource_MISC | |
| https://github.com/fhlip0/JopinXSS | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:33:58.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laurent22/joplin/releases"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fhlip0/JopinXSS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-06T06:05:55",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laurent22/joplin/releases"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fhlip0/JopinXSS"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/laurent22/joplin/releases",
"refsource": "MISC",
"url": "https://github.com/laurent22/joplin/releases"
},
{
"name": "https://github.com/fhlip0/JopinXSS",
"refsource": "MISC",
"url": "https://github.com/fhlip0/JopinXSS"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-28249",
"datePublished": "2020-11-06T06:05:55",
"dateReserved": "2020-11-06T00:00:00",
"dateUpdated": "2024-08-04T16:33:58.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37298 (GCVE-0-2023-37298)
Vulnerability from cvelistv5
Published
2023-06-30 00:00
Modified
2024-11-27 15:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Joplin before 2.11.5 allows XSS via a USE element in an SVG document.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:09:34.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/laurent22/joplin/releases/tag/v2.11.5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/laurent22/joplin/commit/caf66068bfc474bbfd505013076ed173cd90ca83"
},
{
"tags": [
"x_transferred"
],
"url": "https://vuln.ryotak.net/advisories/69"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37298",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T15:29:49.340418Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T15:30:00.464Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Joplin before 2.11.5 allows XSS via a USE element in an SVG document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-30T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/laurent22/joplin/releases/tag/v2.11.5"
},
{
"url": "https://github.com/laurent22/joplin/commit/caf66068bfc474bbfd505013076ed173cd90ca83"
},
{
"url": "https://vuln.ryotak.net/advisories/69"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-37298",
"datePublished": "2023-06-30T00:00:00",
"dateReserved": "2023-06-30T00:00:00",
"dateUpdated": "2024-11-27T15:30:00.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15930 (GCVE-0-2020-15930)
Vulnerability from cvelistv5
Published
2020-09-24 18:41
Modified
2024-08-04 13:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary code execution via a malicious HTML embed tag.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/laurent22/joplin/issues/3552 | x_refsource_MISC | |
| https://github.com/laurent22/joplin/releases/tag/v1.1.4 | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/159316/Joplin-1.0.245-Cross-Site-Scripting-Code-Execution.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:30:23.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laurent22/joplin/issues/3552"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/laurent22/joplin/releases/tag/v1.1.4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/159316/Joplin-1.0.245-Cross-Site-Scripting-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-09-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary code execution via a malicious HTML embed tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-28T22:06:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laurent22/joplin/issues/3552"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/laurent22/joplin/releases/tag/v1.1.4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/159316/Joplin-1.0.245-Cross-Site-Scripting-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary code execution via a malicious HTML embed tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/laurent22/joplin/issues/3552",
"refsource": "MISC",
"url": "https://github.com/laurent22/joplin/issues/3552"
},
{
"name": "https://github.com/laurent22/joplin/releases/tag/v1.1.4",
"refsource": "CONFIRM",
"url": "https://github.com/laurent22/joplin/releases/tag/v1.1.4"
},
{
"name": "http://packetstormsecurity.com/files/159316/Joplin-1.0.245-Cross-Site-Scripting-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/159316/Joplin-1.0.245-Cross-Site-Scripting-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15930",
"datePublished": "2020-09-24T18:41:38",
"dateReserved": "2020-07-24T00:00:00",
"dateUpdated": "2024-08-04T13:30:23.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39517 (GCVE-0-2023-39517)
Vulnerability from cvelistv5
Published
2024-06-21 19:41
Modified
2024-08-02 18:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Joplin is a free, open source note taking and to-do application. A Cross site scripting (XSS) vulnerability in affected versions allows clicking on an untrusted image link to execute arbitrary shell commands. The HTML sanitizer (`packages/renderer/htmlUtils.ts::sanitizeHtml`) preserves `<map>` `<area>` links. However, unlike `<a>` links, the `target` and `href` attributes are not removed. Additionally, because the note preview pane isn't sandboxed to prevent top navigation, links with `target` set to `_top` can replace the toplevel electron page. Because any toplevel electron page, with Joplin's setup, has access to `require` and can require node libraries, a malicious replacement toplevel page can import `child_process` and execute arbitrary shell commands. This issue has been fixed in commit 7c52c3e9a81a52ef1b42a951f9deb9d378d59b0f which is included in release version 2.12.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/laurent22/joplin/security/advisories/GHSA-2h88-m32f-qh5m | x_refsource_CONFIRM | |
| https://github.com/laurent22/joplin/commit/7c52c3e9a81a52ef1b42a951f9deb9d378d59b0f | x_refsource_MISC | |
| https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-24T14:08:13.318984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T14:08:38.720Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:21.108Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/laurent22/joplin/security/advisories/GHSA-2h88-m32f-qh5m",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-2h88-m32f-qh5m"
},
{
"name": "https://github.com/laurent22/joplin/commit/7c52c3e9a81a52ef1b42a951f9deb9d378d59b0f",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laurent22/joplin/commit/7c52c3e9a81a52ef1b42a951f9deb9d378d59b0f"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "joplin",
"vendor": "laurent22",
"versions": [
{
"status": "affected",
"version": "\u003c 2.12.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Joplin is a free, open source note taking and to-do application. A Cross site scripting (XSS) vulnerability in affected versions allows clicking on an untrusted image link to execute arbitrary shell commands. The HTML sanitizer (`packages/renderer/htmlUtils.ts::sanitizeHtml`) preserves `\u003cmap\u003e` `\u003carea\u003e` links. However, unlike `\u003ca\u003e` links, the `target` and `href` attributes are not removed. Additionally, because the note preview pane isn\u0027t sandboxed to prevent top navigation, links with `target` set to `_top` can replace the toplevel electron page. Because any toplevel electron page, with Joplin\u0027s setup, has access to `require` and can require node libraries, a malicious replacement toplevel page can import `child_process` and execute arbitrary shell commands. This issue has been fixed in commit 7c52c3e9a81a52ef1b42a951f9deb9d378d59b0f which is included in release version 2.12.8. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:41:48.945Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/laurent22/joplin/security/advisories/GHSA-2h88-m32f-qh5m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-2h88-m32f-qh5m"
},
{
"name": "https://github.com/laurent22/joplin/commit/7c52c3e9a81a52ef1b42a951f9deb9d378d59b0f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laurent22/joplin/commit/7c52c3e9a81a52ef1b42a951f9deb9d378d59b0f"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox",
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox"
}
],
"source": {
"advisory": "GHSA-2h88-m32f-qh5m",
"discovery": "UNKNOWN"
},
"title": "Cross site scripting (XSS) when clicking on an untrusted `\u003cmap\u003e` link in Joplin"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-39517",
"datePublished": "2024-06-21T19:41:48.945Z",
"dateReserved": "2023-08-03T16:27:36.261Z",
"dateUpdated": "2024-08-02T18:10:21.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37898 (GCVE-0-2023-37898)
Vulnerability from cvelistv5
Published
2024-06-21 19:45
Modified
2024-08-02 17:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows an untrusted note opened in safe mode to execute arbitrary code. `packages/renderer/MarkupToHtml.ts` renders note content in safe mode by surrounding it with <pre> and </pre>, without escaping any interior HTML tags. Thus, an attacker can create a note that closes the opening <pre> tag, then includes HTML that runs JavaScript. Because the rendered markdown iframe has the same origin as the toplevel document and is not sandboxed, any scripts running in the preview iframe can access the top variable and, thus, access the toplevel NodeJS `require` function. `require` can then be used to import modules like fs or child_process and run arbitrary commands. This issue has been addressed in version 2.12.9 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/laurent22/joplin/security/advisories/GHSA-hjmq-3qh4-g2r8 | x_refsource_CONFIRM | |
| https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox | x_refsource_MISC |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:laurent_22:joplin:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "joplin",
"vendor": "laurent_22",
"versions": [
{
"lessThan": "2.12.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37898",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T20:15:32.988834Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T20:16:59.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:23:27.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/laurent22/joplin/security/advisories/GHSA-hjmq-3qh4-g2r8",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-hjmq-3qh4-g2r8"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "joplin",
"vendor": "laurent22",
"versions": [
{
"status": "affected",
"version": "\u003c 2.12.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows an untrusted note opened in safe mode to execute arbitrary code. `packages/renderer/MarkupToHtml.ts` renders note content in safe mode by surrounding it with \u003cpre\u003e and \u003c/pre\u003e, without escaping any interior HTML tags. Thus, an attacker can create a note that closes the opening \u003cpre\u003e tag, then includes HTML that runs JavaScript. Because the rendered markdown iframe has the same origin as the toplevel document and is not sandboxed, any scripts running in the preview iframe can access the top variable and, thus, access the toplevel NodeJS `require` function. `require` can then be used to import modules like fs or child_process and run arbitrary commands. This issue has been addressed in version 2.12.9 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:45:19.982Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/laurent22/joplin/security/advisories/GHSA-hjmq-3qh4-g2r8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-hjmq-3qh4-g2r8"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox",
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox"
}
],
"source": {
"advisory": "GHSA-hjmq-3qh4-g2r8",
"discovery": "UNKNOWN"
},
"title": "Safe mode Cross-site Scripting (XSS) vulnerability in Joplin"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-37898",
"datePublished": "2024-06-21T19:45:19.982Z",
"dateReserved": "2023-07-10T17:51:29.610Z",
"dateUpdated": "2024-08-02T17:23:27.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-55630 (GCVE-0-2024-55630)
Vulnerability from cvelistv5
Published
2025-02-07 22:23
Modified
2025-02-10 17:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Joplin's HTML sanitizer allows the `name` attribute to be specified. If `name` is set to the same value as an existing `document` property (e.g. `querySelector`), that property is replaced with the element. This vulnerability's only known impact is denial of service. The note viewer fails to refresh until closed and re-opened with a different note. This issue has been addressed in version 3.2.8 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/laurent22/joplin/security/advisories/GHSA-5cch-jr52-qffh | x_refsource_CONFIRM | |
| https://github.com/laurent22/joplin/commit/e70efcbd60ce62f06e77c183b362c74e636c02d9 | x_refsource_MISC | |
| https://en.wikipedia.org/wiki/DOM_clobbering | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55630",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T17:18:30.584649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T17:18:47.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-5cch-jr52-qffh"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "joplin",
"vendor": "laurent22",
"versions": [
{
"status": "affected",
"version": "\u003c 3.2.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Joplin\u0027s HTML sanitizer allows the `name` attribute to be specified. If `name` is set to the same value as an existing `document` property (e.g. `querySelector`), that property is replaced with the element. This vulnerability\u0027s only known impact is denial of service. The note viewer fails to refresh until closed and re-opened with a different note. This issue has been addressed in version 3.2.8 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T22:23:04.109Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/laurent22/joplin/security/advisories/GHSA-5cch-jr52-qffh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-5cch-jr52-qffh"
},
{
"name": "https://github.com/laurent22/joplin/commit/e70efcbd60ce62f06e77c183b362c74e636c02d9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laurent22/joplin/commit/e70efcbd60ce62f06e77c183b362c74e636c02d9"
},
{
"name": "https://en.wikipedia.org/wiki/DOM_clobbering",
"tags": [
"x_refsource_MISC"
],
"url": "https://en.wikipedia.org/wiki/DOM_clobbering"
}
],
"source": {
"advisory": "GHSA-5cch-jr52-qffh",
"discovery": "UNKNOWN"
},
"title": "DOM Clobbering leads to temporary DOS in the note viewer in Joplin"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-55630",
"datePublished": "2025-02-07T22:23:04.109Z",
"dateReserved": "2024-12-09T17:48:05.557Z",
"dateUpdated": "2025-02-10T17:18:47.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24028 (GCVE-0-2025-24028)
Vulnerability from cvelistv5
Published
2025-02-07 22:23
Modified
2025-02-10 17:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by differences between how Joplin's HTML sanitizer handles comments and how the browser handles comments. This affects both the Rich Text Editor and the Markdown viewer. However, unlike the Rich Text Editor, the Markdown viewer is `cross-origin isolated`, which prevents JavaScript from directly accessing functions/variables in the toplevel Joplin `window`. This issue is not present in Joplin 3.1.24 and may have been introduced in `9b50539`. This is an XSS vulnerability that impacts users that open untrusted notes in the Rich Text Editor. This vulnerability has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/laurent22/joplin/security/advisories/GHSA-5w3c-wph9-hq92 | x_refsource_CONFIRM | |
| https://github.com/laurent22/joplin/commit/2a058ed8097c2502e152b26394dc1917897f5817 | x_refsource_MISC | |
| https://github.com/laurent22/joplin/commit/9b505395918bc923f34fe6f3b960bb10e8cf234e | x_refsource_MISC | |
| https://joplinapp.org/help/dev/spec/note_viewer_isolation | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24028",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T17:17:07.855594Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T17:17:41.159Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-5w3c-wph9-hq92"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "joplin",
"vendor": "laurent22",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.2.6, \u003c 3.2.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by differences between how Joplin\u0027s HTML sanitizer handles comments and how the browser handles comments. This affects both the Rich Text Editor and the Markdown viewer. However, unlike the Rich Text Editor, the Markdown viewer is `cross-origin isolated`, which prevents JavaScript from directly accessing functions/variables in the toplevel Joplin `window`. This issue is not present in Joplin 3.1.24 and may have been introduced in `9b50539`. This is an XSS vulnerability that impacts users that open untrusted notes in the Rich Text Editor. This vulnerability has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T22:23:07.275Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/laurent22/joplin/security/advisories/GHSA-5w3c-wph9-hq92",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-5w3c-wph9-hq92"
},
{
"name": "https://github.com/laurent22/joplin/commit/2a058ed8097c2502e152b26394dc1917897f5817",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laurent22/joplin/commit/2a058ed8097c2502e152b26394dc1917897f5817"
},
{
"name": "https://github.com/laurent22/joplin/commit/9b505395918bc923f34fe6f3b960bb10e8cf234e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laurent22/joplin/commit/9b505395918bc923f34fe6f3b960bb10e8cf234e"
},
{
"name": "https://joplinapp.org/help/dev/spec/note_viewer_isolation",
"tags": [
"x_refsource_MISC"
],
"url": "https://joplinapp.org/help/dev/spec/note_viewer_isolation"
}
],
"source": {
"advisory": "GHSA-5w3c-wph9-hq92",
"discovery": "UNKNOWN"
},
"title": "Cross-site Scripting (XSS) in Rich Text Editor allows arbitrary code execution in Joplin"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-24028",
"datePublished": "2025-02-07T22:23:07.275Z",
"dateReserved": "2025-01-16T17:31:06.460Z",
"dateUpdated": "2025-02-10T17:17:41.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-53268 (GCVE-0-2024-53268)
Vulnerability from cvelistv5
Published
2024-11-25 19:22
Modified
2024-11-25 19:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
Joplin is an open source, privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS. In affected versions attackers are able to abuse the fact that openExternal is used without any filtering of URI schemes to obtain remote code execution in Windows environments. This issue has been addressed in version 3.0.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/laurent22/joplin/security/advisories/GHSA-pc5v-xp44-5mgv | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:laurent_22:joplin:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "joplin",
"vendor": "laurent_22",
"versions": [
{
"lessThan": "3.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53268",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T19:35:21.372405Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T19:38:18.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "joplin",
"vendor": "laurent22",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Joplin is an open source, privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS. In affected versions attackers are able to abuse the fact that openExternal is used without any filtering of URI schemes to obtain remote code execution in Windows environments. This issue has been addressed in version 3.0.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T19:22:17.131Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/laurent22/joplin/security/advisories/GHSA-pc5v-xp44-5mgv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-pc5v-xp44-5mgv"
}
],
"source": {
"advisory": "GHSA-pc5v-xp44-5mgv",
"discovery": "UNKNOWN"
},
"title": "Lack of validation on openExternal allows 1 click remote code execution in joplin"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-53268",
"datePublished": "2024-11-25T19:22:17.131Z",
"dateReserved": "2024-11-19T20:08:14.481Z",
"dateUpdated": "2024-11-25T19:38:18.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9038 (GCVE-0-2020-9038)
Vulnerability from cvelistv5
Published
2020-02-17 15:47
Modified
2024-08-04 10:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Joplin through 1.0.184 allows Arbitrary File Read via XSS.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laurent22/joplin/commit/3db47b575b9cb0a765da3d283baa2c065df0d0bc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laurent22/joplin/compare/clipper-1.0.19...clipper-1.0.20"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156582/Joplin-Desktop-1.0.184-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Joplin through 1.0.184 allows Arbitrary File Read via XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-02T17:06:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laurent22/joplin/commit/3db47b575b9cb0a765da3d283baa2c065df0d0bc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laurent22/joplin/compare/clipper-1.0.19...clipper-1.0.20"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156582/Joplin-Desktop-1.0.184-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Joplin through 1.0.184 allows Arbitrary File Read via XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/laurent22/joplin/commit/3db47b575b9cb0a765da3d283baa2c065df0d0bc",
"refsource": "MISC",
"url": "https://github.com/laurent22/joplin/commit/3db47b575b9cb0a765da3d283baa2c065df0d0bc"
},
{
"name": "https://github.com/laurent22/joplin/compare/clipper-1.0.19...clipper-1.0.20",
"refsource": "MISC",
"url": "https://github.com/laurent22/joplin/compare/clipper-1.0.19...clipper-1.0.20"
},
{
"name": "http://packetstormsecurity.com/files/156582/Joplin-Desktop-1.0.184-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156582/Joplin-Desktop-1.0.184-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9038",
"datePublished": "2020-02-17T15:47:29",
"dateReserved": "2020-02-17T00:00:00",
"dateUpdated": "2024-08-04T10:19:19.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38506 (GCVE-0-2023-38506)
Vulnerability from cvelistv5
Published
2024-06-21 19:43
Modified
2024-08-02 17:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows pasting untrusted data into the rich text editor to execute arbitrary code. HTML pasted into the rich text editor is not sanitized (or not sanitized properly). As such, the `onload` attribute of pasted images can execute arbitrary code. Because the TinyMCE editor frame does not use the `sandbox` attribute, such scripts can access NodeJS's `require` through the `top` variable. From this, an attacker can run arbitrary commands. This issue has been addressed in version 2.12.10 and users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/laurent22/joplin/security/advisories/GHSA-m59c-9rrj-c399 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:joplin_project:joplin:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "joplin",
"vendor": "joplin_project",
"versions": [
{
"lessThan": "2.12.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38506",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-24T13:57:21.359902Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T14:03:04.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:46:55.757Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/laurent22/joplin/security/advisories/GHSA-m59c-9rrj-c399",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-m59c-9rrj-c399"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "joplin",
"vendor": "laurent22",
"versions": [
{
"status": "affected",
"version": "\u003c 2.12.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows pasting untrusted data into the rich text editor to execute arbitrary code. HTML pasted into the rich text editor is not sanitized (or not sanitized properly). As such, the `onload` attribute of pasted images can execute arbitrary code. Because the TinyMCE editor frame does not use the `sandbox` attribute, such scripts can access NodeJS\u0027s `require` through the `top` variable. From this, an attacker can run arbitrary commands. This issue has been addressed in version 2.12.10 and users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:43:24.161Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/laurent22/joplin/security/advisories/GHSA-m59c-9rrj-c399",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-m59c-9rrj-c399"
}
],
"source": {
"advisory": "GHSA-m59c-9rrj-c399",
"discovery": "UNKNOWN"
},
"title": "Cross-site Scripting (XSS) when pasting HTML into the rich text editor in Joplin"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-38506",
"datePublished": "2024-06-21T19:43:24.161Z",
"dateReserved": "2023-07-18T16:28:12.077Z",
"dateUpdated": "2024-08-02T17:46:55.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000534 (GCVE-0-2018-1000534)
Vulnerability from cvelistv5
Published
2018-06-26 16:00
Modified
2024-08-05 12:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Joplin version prior to 1.0.90 contains a XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in Note content field - information on the fix can be found here https://github.com/laurent22/joplin/commit/494e235e18659574f836f84fcf9f4d4fcdcfcf89 that can result in executing unauthorized code within the rights in which the application is running. This attack appear to be exploitable via Victim synchronizing notes from the cloud services or other note-keeping services which contain malicious code. This vulnerability appears to have been fixed in 1.0.90 and later.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/laurent22/joplin/issues/500 | x_refsource_MISC | |
| https://github.com/laurent22/joplin/commit/494e235e18659574f836f84fcf9f4d4fcdcfcf89 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:40:47.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laurent22/joplin/issues/500"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laurent22/joplin/commit/494e235e18659574f836f84fcf9f4d4fcdcfcf89"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-06-23T00:00:00",
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Joplin version prior to 1.0.90 contains a XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in Note content field - information on the fix can be found here https://github.com/laurent22/joplin/commit/494e235e18659574f836f84fcf9f4d4fcdcfcf89 that can result in executing unauthorized code within the rights in which the application is running. This attack appear to be exploitable via Victim synchronizing notes from the cloud services or other note-keeping services which contain malicious code. This vulnerability appears to have been fixed in 1.0.90 and later."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laurent22/joplin/issues/500"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laurent22/joplin/commit/494e235e18659574f836f84fcf9f4d4fcdcfcf89"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-06-23T11:22:33.049360",
"DATE_REQUESTED": "2018-05-11T12:06:44",
"ID": "CVE-2018-1000534",
"REQUESTER": "silviavali14@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Joplin version prior to 1.0.90 contains a XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in Note content field - information on the fix can be found here https://github.com/laurent22/joplin/commit/494e235e18659574f836f84fcf9f4d4fcdcfcf89 that can result in executing unauthorized code within the rights in which the application is running. This attack appear to be exploitable via Victim synchronizing notes from the cloud services or other note-keeping services which contain malicious code. This vulnerability appears to have been fixed in 1.0.90 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/laurent22/joplin/issues/500",
"refsource": "MISC",
"url": "https://github.com/laurent22/joplin/issues/500"
},
{
"name": "https://github.com/laurent22/joplin/commit/494e235e18659574f836f84fcf9f4d4fcdcfcf89",
"refsource": "MISC",
"url": "https://github.com/laurent22/joplin/commit/494e235e18659574f836f84fcf9f4d4fcdcfcf89"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000534",
"datePublished": "2018-06-26T16:00:00",
"dateReserved": "2018-05-11T00:00:00",
"dateUpdated": "2024-08-05T12:40:47.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45673 (GCVE-0-2023-45673)
Vulnerability from cvelistv5
Published
2024-06-21 19:38
Modified
2024-08-02 20:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
Joplin is a free, open source note taking and to-do application. A remote code execution (RCE) vulnerability in affected versions allows clicking on a link in a PDF in an untrusted note to execute arbitrary shell commands. Clicking links in PDFs allows for arbitrary code execution because Joplin desktop: 1. has not disabled top redirection for note viewer iframes, and 2. and has node integration enabled. This is a remote code execution vulnerability that impacts anyone who attaches untrusted PDFs to notes and has the icon enabled. This issue has been addressed in version 2.13.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/laurent22/joplin/security/advisories/GHSA-g8qx-5vcm-3x59 | x_refsource_CONFIRM | |
| https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox | x_refsource_MISC |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:laurent_22:joplin:2.13.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "joplin",
"vendor": "laurent_22",
"versions": [
{
"lessThan": "2.13.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45673",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-22T16:30:51.519648Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-22T16:33:49.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.844Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/laurent22/joplin/security/advisories/GHSA-g8qx-5vcm-3x59",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-g8qx-5vcm-3x59"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "joplin",
"vendor": "laurent22",
"versions": [
{
"status": "affected",
"version": "\u003c 2.13.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Joplin is a free, open source note taking and to-do application. A remote code execution (RCE) vulnerability in affected versions allows clicking on a link in a PDF in an untrusted note to execute arbitrary shell commands. Clicking links in PDFs allows for arbitrary code execution because Joplin desktop: 1. has not disabled top redirection for note viewer iframes, and 2. and has node integration enabled. This is a remote code execution vulnerability that impacts anyone who attaches untrusted PDFs to notes and has the icon enabled. This issue has been addressed in version 2.13.3. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:38:22.764Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/laurent22/joplin/security/advisories/GHSA-g8qx-5vcm-3x59",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-g8qx-5vcm-3x59"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox",
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox"
}
],
"source": {
"advisory": "GHSA-g8qx-5vcm-3x59",
"discovery": "UNKNOWN"
},
"title": "Arbitrary code execution on click of PDF links in Joplin"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45673",
"datePublished": "2024-06-21T19:38:22.764Z",
"dateReserved": "2023-10-10T14:36:40.861Z",
"dateUpdated": "2024-08-02T20:21:16.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-25187 (GCVE-0-2025-25187)
Vulnerability from cvelistv5
Published
2025-02-07 22:38
Modified
2025-02-10 17:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by adding note titles to the document using React's `dangerouslySetInnerHTML`, without first escaping HTML entities. Joplin lacks a Content-Security-Policy with a restrictive `script-src`. This allows arbitrary JavaScript execution via inline `onclick`/`onload` event handlers in unsanitized HTML. Additionally, Joplin's main window is created with `nodeIntegration` set to `true`, allowing arbitrary JavaScript execution to result in arbitrary code execution. Anyone who 1) receives notes from unknown sources and 2) uses <kbd>ctrl</kbd>-<kbd>p</kbd> to search is impacted. This issue has been addressed in version 3.1.24 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25187",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T17:14:00.437337Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T17:15:09.979Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-9gfv-q6wj-fr3c"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "joplin",
"vendor": "laurent22",
"versions": [
{
"status": "affected",
"version": "\u003c 3.1.24"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by adding note titles to the document using React\u0027s `dangerouslySetInnerHTML`, without first escaping HTML entities. Joplin lacks a Content-Security-Policy with a restrictive `script-src`. This allows arbitrary JavaScript execution via inline `onclick`/`onload` event handlers in unsanitized HTML. Additionally, Joplin\u0027s main window is created with `nodeIntegration` set to `true`, allowing arbitrary JavaScript execution to result in arbitrary code execution. Anyone who 1) receives notes from unknown sources and 2) uses \u003ckbd\u003ectrl\u003c/kbd\u003e-\u003ckbd\u003ep\u003c/kbd\u003e to search is impacted. This issue has been addressed in version 3.1.24 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T22:38:20.068Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/laurent22/joplin/security/advisories/GHSA-9gfv-q6wj-fr3c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-9gfv-q6wj-fr3c"
},
{
"name": "https://github.com/laurent22/joplin/commit/360ece6f8873ef81afbfb98b25faad696ffccdb6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laurent22/joplin/commit/360ece6f8873ef81afbfb98b25faad696ffccdb6"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src",
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src"
},
{
"name": "https://github.com/laurent22/joplin/blob/2fc9bd476b0d9abcddb0a46f615a48333779d225/packages/app-desktop/plugins/GotoAnything.tsx#L558",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laurent22/joplin/blob/2fc9bd476b0d9abcddb0a46f615a48333779d225/packages/app-desktop/plugins/GotoAnything.tsx#L558"
}
],
"source": {
"advisory": "GHSA-9gfv-q6wj-fr3c",
"discovery": "UNKNOWN"
},
"title": "Cross-site Scripting in Goto Anything allows arbitrary code execution in Joplin"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-25187",
"datePublished": "2025-02-07T22:38:20.068Z",
"dateReserved": "2025-02-03T19:30:53.399Z",
"dateUpdated": "2025-02-10T17:15:09.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37916 (GCVE-0-2021-37916)
Vulnerability from cvelistv5
Published
2021-08-02 23:35
Modified
2024-08-04 01:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Joplin before 2.0.9 allows XSS via button and form in the note body.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/laurent22/joplin/commit/feaecf765368f2c273bea3a9fa641ff0da7e6b26 | x_refsource_MISC | |
| https://github.com/laurent22/joplin/releases/tag/v2.0.9 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:09.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laurent22/joplin/commit/feaecf765368f2c273bea3a9fa641ff0da7e6b26"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laurent22/joplin/releases/tag/v2.0.9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Joplin before 2.0.9 allows XSS via button and form in the note body."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-02T23:35:37",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laurent22/joplin/commit/feaecf765368f2c273bea3a9fa641ff0da7e6b26"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laurent22/joplin/releases/tag/v2.0.9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Joplin before 2.0.9 allows XSS via button and form in the note body."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/laurent22/joplin/commit/feaecf765368f2c273bea3a9fa641ff0da7e6b26",
"refsource": "MISC",
"url": "https://github.com/laurent22/joplin/commit/feaecf765368f2c273bea3a9fa641ff0da7e6b26"
},
{
"name": "https://github.com/laurent22/joplin/releases/tag/v2.0.9",
"refsource": "MISC",
"url": "https://github.com/laurent22/joplin/releases/tag/v2.0.9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37916",
"datePublished": "2021-08-02T23:35:37",
"dateReserved": "2021-08-02T00:00:00",
"dateUpdated": "2024-08-04T01:30:09.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45598 (GCVE-0-2022-45598)
Vulnerability from cvelistv5
Published
2023-01-31 00:00
Modified
2025-03-27 18:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.17 allows attacker to execute arbitrary code via improper santization.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:17:03.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/laurent22/joplin/commit/a2de167b95debad83a0f0c7925a88c0198db812e"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/laurent22/joplin/releases/tag/v2.9.17"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-45598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T18:27:23.451276Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T18:27:57.776Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.17 allows attacker to execute arbitrary code via improper santization."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-31T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/laurent22/joplin/commit/a2de167b95debad83a0f0c7925a88c0198db812e"
},
{
"url": "https://github.com/laurent22/joplin/releases/tag/v2.9.17"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-45598",
"datePublished": "2023-01-31T00:00:00.000Z",
"dateReserved": "2022-11-21T00:00:00.000Z",
"dateUpdated": "2025-03-27T18:27:57.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27134 (GCVE-0-2025-27134)
Vulnerability from cvelistv5
Published
2025-04-30 14:55
Modified
2025-04-30 15:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior to version 3.3.3, a privilege escalation vulnerability exists in the Joplin server, allowing non-admin users to exploit the API endpoint `PATCH /api/users/:id` to set the `is_admin` field to 1. The vulnerability allows malicious low-privileged users to perform administrative actions without proper authorization. This issue has been patched in version 3.3.3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/laurent22/joplin/security/advisories/GHSA-xj67-649m-3p8x | x_refsource_CONFIRM | |
| https://github.com/laurent22/joplin/commit/12baa9827dac9da903f244c9f358e3deb264e228 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27134",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T15:11:08.488746Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T15:11:12.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-xj67-649m-3p8x"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "joplin",
"vendor": "laurent22",
"versions": [
{
"status": "affected",
"version": "\u003c 3.3.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior to version 3.3.3, a privilege escalation vulnerability exists in the Joplin server, allowing non-admin users to exploit the API endpoint `PATCH /api/users/:id` to set the `is_admin` field to 1. The vulnerability allows malicious low-privileged users to perform administrative actions without proper authorization. This issue has been patched in version 3.3.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T14:55:10.285Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/laurent22/joplin/security/advisories/GHSA-xj67-649m-3p8x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-xj67-649m-3p8x"
},
{
"name": "https://github.com/laurent22/joplin/commit/12baa9827dac9da903f244c9f358e3deb264e228",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laurent22/joplin/commit/12baa9827dac9da903f244c9f358e3deb264e228"
}
],
"source": {
"advisory": "GHSA-xj67-649m-3p8x",
"discovery": "UNKNOWN"
},
"title": "Privilege escalation in Joplin server via user patch endpoint"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-27134",
"datePublished": "2025-04-30T14:55:10.285Z",
"dateReserved": "2025-02-19T16:30:47.774Z",
"dateUpdated": "2025-04-30T15:11:12.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23340 (GCVE-0-2022-23340)
Vulnerability from cvelistv5
Published
2022-02-08 13:20
Modified
2024-08-03 03:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/laurent22/joplin/issues/6004 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.418Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laurent22/joplin/issues/6004"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-08T13:20:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laurent22/joplin/issues/6004"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-23340",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/laurent22/joplin/issues/6004",
"refsource": "MISC",
"url": "https://github.com/laurent22/joplin/issues/6004"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23340",
"datePublished": "2022-02-08T13:20:31",
"dateReserved": "2022-01-18T00:00:00",
"dateUpdated": "2024-08-03T03:36:20.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40643 (GCVE-0-2024-40643)
Vulnerability from cvelistv5
Published
2024-09-09 14:28
Modified
2024-09-09 14:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that "<" followed by a non letter character will not be considered html. As such it is possible to do an XSS by putting an "illegal" tag within a tag.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/laurent22/joplin/security/advisories/GHSA-g796-3g6g-jmmc | x_refsource_CONFIRM | |
| https://github.com/laurent22/joplin/commit/b220413a9b5ed55fb1f565ac786a5c231da8bc87 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:joplinapp:joplin:*:*:*:*:*:node.js:*:*"
],
"defaultStatus": "unknown",
"product": "joplin",
"vendor": "joplinapp",
"versions": [
{
"lessThan": "3.0.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40643",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T14:51:10.576198Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T14:52:47.111Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "joplin",
"vendor": "laurent22",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that \"\u003c\" followed by a non letter character will not be considered html. As such it is possible to do an XSS by putting an \"illegal\" tag within a tag."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.7,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T14:28:20.920Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/laurent22/joplin/security/advisories/GHSA-g796-3g6g-jmmc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-g796-3g6g-jmmc"
},
{
"name": "https://github.com/laurent22/joplin/commit/b220413a9b5ed55fb1f565ac786a5c231da8bc87",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laurent22/joplin/commit/b220413a9b5ed55fb1f565ac786a5c231da8bc87"
}
],
"source": {
"advisory": "GHSA-g796-3g6g-jmmc",
"discovery": "UNKNOWN"
},
"title": "Joplin has a parsing error leading to Cross-site Scripting (XSS)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-40643",
"datePublished": "2024-09-09T14:28:20.920Z",
"dateReserved": "2024-07-08T16:13:15.512Z",
"dateUpdated": "2024-09-09T14:52:47.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27409 (GCVE-0-2025-27409)
Vulnerability from cvelistv5
Published
2025-04-30 14:55
Modified
2025-04-30 15:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior to version 3.3.3, path traversal is possible in Joplin Server if static file path starts with `css/pluginAssets` or `js/pluginAssets`. The `findLocalFile` function in the `default route` calls `localFileFromUrl` to check for special `pluginAssets` paths. If the function returns a path, the result is returned directly, without checking for path traversal. The vulnerability allows attackers to read files outside the intended directories. This issue has been patched in version 3.3.3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/laurent22/joplin/security/advisories/GHSA-5xv6-7jm3-fmg5 | x_refsource_CONFIRM | |
| https://github.com/laurent22/joplin/pull/11916 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27409",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T15:11:55.959723Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T15:11:59.209Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-5xv6-7jm3-fmg5"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "joplin",
"vendor": "laurent22",
"versions": [
{
"status": "affected",
"version": "\u003c 3.3.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior to version 3.3.3, path traversal is possible in Joplin Server if static file path starts with `css/pluginAssets` or `js/pluginAssets`. The `findLocalFile` function in the `default route` calls `localFileFromUrl` to check for special `pluginAssets` paths. If the function returns a path, the result is returned directly, without checking for path traversal. The vulnerability allows attackers to read files outside the intended directories. This issue has been patched in version 3.3.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T14:55:07.846Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/laurent22/joplin/security/advisories/GHSA-5xv6-7jm3-fmg5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-5xv6-7jm3-fmg5"
},
{
"name": "https://github.com/laurent22/joplin/pull/11916",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laurent22/joplin/pull/11916"
}
],
"source": {
"advisory": "GHSA-5xv6-7jm3-fmg5",
"discovery": "UNKNOWN"
},
"title": "Joplin Server Vulnerable to Path Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-27409",
"datePublished": "2025-04-30T14:55:07.846Z",
"dateReserved": "2025-02-24T15:51:17.268Z",
"dateUpdated": "2025-04-30T15:11:59.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2025-04-30 15:16
Modified
2025-05-16 16:32
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior to version 3.3.3, a privilege escalation vulnerability exists in the Joplin server, allowing non-admin users to exploit the API endpoint `PATCH /api/users/:id` to set the `is_admin` field to 1. The vulnerability allows malicious low-privileged users to perform administrative actions without proper authorization. This issue has been patched in version 3.3.3.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joplin_project | joplin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joplin_project:joplin:*:*:*:*:*:-:*:*",
"matchCriteriaId": "DD591BFD-416F-494A-8CF5-1BE3656CCC27",
"versionEndExcluding": "3.3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior to version 3.3.3, a privilege escalation vulnerability exists in the Joplin server, allowing non-admin users to exploit the API endpoint `PATCH /api/users/:id` to set the `is_admin` field to 1. The vulnerability allows malicious low-privileged users to perform administrative actions without proper authorization. This issue has been patched in version 3.3.3."
},
{
"lang": "es",
"value": "Joplin es una aplicaci\u00f3n gratuita y de c\u00f3digo abierto para tomar notas y gestionar tareas pendientes, capaz de gestionar un gran n\u00famero de notas organizadas en cuadernos. Antes de la versi\u00f3n 3.3.3, exist\u00eda una vulnerabilidad de escalada de privilegios en el servidor Joplin, que permit\u00eda a usuarios no administradores explotar el endpoint de la API `PATCH /api/users/:id` para establecer el campo `is_admin` en 1. Esta vulnerabilidad permite a usuarios malintencionados con pocos privilegios realizar acciones administrativas sin la debida autorizaci\u00f3n. Este problema se ha corregido en la versi\u00f3n 3.3.3."
}
],
"id": "CVE-2025-27134",
"lastModified": "2025-05-16T16:32:35.957",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-30T15:16:00.927",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/laurent22/joplin/commit/12baa9827dac9da903f244c9f358e3deb264e228"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-xj67-649m-3p8x"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-xj67-649m-3p8x"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-06 07:15
Modified
2024-11-21 05:22
Severity ?
Summary
Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/fhlip0/JopinXSS | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/laurent22/joplin/releases | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/fhlip0/JopinXSS | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/laurent22/joplin/releases | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joplin_project | joplin | 1.2.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joplin_project:joplin:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4975A3-39B6-4ACF-9BAC-ECD72780DD6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note."
},
{
"lang": "es",
"value": "Joplin versi\u00f3n 1.2.6 para Desktop, permite un ataque de tipo XSS por medio de un elemento LINK en una nota"
}
],
"id": "CVE-2020-28249",
"lastModified": "2024-11-21T05:22:31.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-06T07:15:12.700",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/fhlip0/JopinXSS"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/laurent22/joplin/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/fhlip0/JopinXSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/laurent22/joplin/releases"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-07 23:15
Modified
2025-04-18 01:57
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by differences between how Joplin's HTML sanitizer handles comments and how the browser handles comments. This affects both the Rich Text Editor and the Markdown viewer. However, unlike the Rich Text Editor, the Markdown viewer is `cross-origin isolated`, which prevents JavaScript from directly accessing functions/variables in the toplevel Joplin `window`. This issue is not present in Joplin 3.1.24 and may have been introduced in `9b50539`. This is an XSS vulnerability that impacts users that open untrusted notes in the Rich Text Editor. This vulnerability has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joplin_project | joplin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joplin_project:joplin:*:*:*:*:*:-:*:*",
"matchCriteriaId": "A5039B9E-A299-42D9-AFBD-1416989AB562",
"versionEndExcluding": "3.2.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by differences between how Joplin\u0027s HTML sanitizer handles comments and how the browser handles comments. This affects both the Rich Text Editor and the Markdown viewer. However, unlike the Rich Text Editor, the Markdown viewer is `cross-origin isolated`, which prevents JavaScript from directly accessing functions/variables in the toplevel Joplin `window`. This issue is not present in Joplin 3.1.24 and may have been introduced in `9b50539`. This is an XSS vulnerability that impacts users that open untrusted notes in the Rich Text Editor. This vulnerability has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Joplin es una aplicaci\u00f3n de c\u00f3digo abierto y gratuita para tomar notas y realizar tareas pendientes, que puede gestionar una gran cantidad de notas organizadas en cuadernos. Esta vulnerabilidad se debe a diferencias entre la forma en que el depurador HTML de Joplin gestiona los comentarios y la forma en que el navegador los gestiona. Esto afecta tanto al editor de texto enriquecido como al visor de Markdown. Sin embargo, a diferencia del editor de texto enriquecido, el visor de Markdown est\u00e1 \"aislado en todos los or\u00edgenes\", lo que impide que JavaScript acceda directamente a funciones o variables en la \"ventana\" de nivel superior de Joplin. Este problema no est\u00e1 presente en Joplin 3.1.24 y puede haberse introducido en \"9b50539\". Se trata de una vulnerabilidad XSS que afecta a los usuarios que abren notas que no son de confianza en el editor de texto enriquecido. Esta vulnerabilidad se ha solucionado en la versi\u00f3n 3.2.12 y se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2025-24028",
"lastModified": "2025-04-18T01:57:17.133",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-07T23:15:15.013",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/laurent22/joplin/commit/2a058ed8097c2502e152b26394dc1917897f5817"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/laurent22/joplin/commit/9b505395918bc923f34fe6f3b960bb10e8cf234e"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-5w3c-wph9-hq92"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://joplinapp.org/help/dev/spec/note_viewer_isolation"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-5w3c-wph9-hq92"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-21 20:15
Modified
2024-11-21 08:15
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Joplin is a free, open source note taking and to-do application. A Cross site scripting (XSS) vulnerability in affected versions allows clicking on an untrusted image link to execute arbitrary shell commands. The HTML sanitizer (`packages/renderer/htmlUtils.ts::sanitizeHtml`) preserves `<map>` `<area>` links. However, unlike `<a>` links, the `target` and `href` attributes are not removed. Additionally, because the note preview pane isn't sandboxed to prevent top navigation, links with `target` set to `_top` can replace the toplevel electron page. Because any toplevel electron page, with Joplin's setup, has access to `require` and can require node libraries, a malicious replacement toplevel page can import `child_process` and execute arbitrary shell commands. This issue has been fixed in commit 7c52c3e9a81a52ef1b42a951f9deb9d378d59b0f which is included in release version 2.12.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joplin_project | joplin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joplin_project:joplin:*:*:*:*:*:-:*:*",
"matchCriteriaId": "23F5CA99-69DB-4D33-AE9A-E4BEAD09F57A",
"versionEndExcluding": "2.12.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Joplin is a free, open source note taking and to-do application. A Cross site scripting (XSS) vulnerability in affected versions allows clicking on an untrusted image link to execute arbitrary shell commands. The HTML sanitizer (`packages/renderer/htmlUtils.ts::sanitizeHtml`) preserves `\u003cmap\u003e` `\u003carea\u003e` links. However, unlike `\u003ca\u003e` links, the `target` and `href` attributes are not removed. Additionally, because the note preview pane isn\u0027t sandboxed to prevent top navigation, links with `target` set to `_top` can replace the toplevel electron page. Because any toplevel electron page, with Joplin\u0027s setup, has access to `require` and can require node libraries, a malicious replacement toplevel page can import `child_process` and execute arbitrary shell commands. This issue has been fixed in commit 7c52c3e9a81a52ef1b42a951f9deb9d378d59b0f which is included in release version 2.12.8. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Joplin es una aplicaci\u00f3n gratuita y de c\u00f3digo abierto para tomar notas y tareas pendientes. Una vulnerabilidad de Cross-Site Scripting (XSS) en las versiones afectadas permite hacer clic en un enlace de imagen que no es de confianza para ejecutar comandos de shell arbitrarios. El sanitizante HTML (`packages/renderer/htmlUtils.ts::sanitizeHtml`) conserva los enlaces `` ``. Sin embargo, a diferencia de los enlaces `\u003ca rel=\"nofollow\"\u003e`, los atributos `target` y `href` no se eliminan. Adem\u00e1s, debido a que el panel de vista previa de notas no est\u00e1 protegido para evitar la navegaci\u00f3n superior, los enlaces con \"destino\" configurado en \"_top\" pueden reemplazar la p\u00e1gina electr\u00f3nica de nivel superior. Debido a que cualquier p\u00e1gina electr\u00f3nica de nivel superior, con la configuraci\u00f3n de Joplin, tiene acceso a `require` y puede requerir librer\u00edas de nodos, una p\u00e1gina de nivel superior de reemplazo maliciosa puede importar `child_process` y ejecutar comandos de shell arbitrarios. Este problema se solucion\u00f3 en el commit 7c52c3e9a81a52ef1b42a951f9deb9d378d59b0f que se incluye en la versi\u00f3n 2.12.8. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad.\u003c/a\u003e"
}
],
"id": "CVE-2023-39517",
"lastModified": "2024-11-21T08:15:35.033",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 5.3,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-21T20:15:12.307",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
],
"url": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/laurent22/joplin/commit/7c52c3e9a81a52ef1b42a951f9deb9d378d59b0f"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-2h88-m32f-qh5m"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/laurent22/joplin/commit/7c52c3e9a81a52ef1b42a951f9deb9d378d59b0f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-2h88-m32f-qh5m"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-14 18:15
Modified
2025-05-07 14:10
Severity ?
7.7 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on an <a> link within untrusted notes. The issue arises due to insufficient sanitization of <a> tag attributes introduced by the Mermaid. This vulnerability allows the execution of untrusted HTML content within the Electron window, which has full access to Node.js APIs, enabling arbitrary shell command execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/laurent22/joplin/security/advisories/GHSA-hff8-hjwv-j9q7 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joplin_project | joplin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joplin_project:joplin:*:*:*:*:*:-:*:*",
"matchCriteriaId": "072181DD-7C0E-4B22-AC35-B7C25CC53219",
"versionEndExcluding": "3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on an \u003ca\u003e link within untrusted notes. The issue arises due to insufficient sanitization of \u003ca\u003e tag attributes introduced by the Mermaid. This vulnerability allows the execution of untrusted HTML content within the Electron window, which has full access to Node.js APIs, enabling arbitrary shell command execution."
},
{
"lang": "es",
"value": "Joplin es una aplicaci\u00f3n de c\u00f3digo abierto y gratuita para tomar notas y realizar tareas pendientes. Joplin-desktop tiene una vulnerabilidad que provoca la ejecuci\u00f3n remota de c\u00f3digo (RCE) cuando un usuario hace clic en un enlace \u003ca rel=\"nofollow\"\u003e dentro de notas que no son de confianza. El problema surge debido a una limpieza insuficiente de los atributos de la etiqueta \u003c/a\u003e\u003ca rel=\"nofollow\"\u003e introducidos por Mermaid. Esta vulnerabilidad permite la ejecuci\u00f3n de contenido HTML no confiable dentro de la ventana Electron, que tiene acceso completo a las API de Node.js, lo que permite la ejecuci\u00f3n arbitraria de comandos de shell.\u003c/a\u003e"
}
],
"id": "CVE-2024-49362",
"lastModified": "2025-05-07T14:10:19.787",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-11-14T18:15:19.243",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-hff8-hjwv-j9q7"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-21 20:15
Modified
2025-04-11 15:17
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows pasting untrusted data into the rich text editor to execute arbitrary code. HTML pasted into the rich text editor is not sanitized (or not sanitized properly). As such, the `onload` attribute of pasted images can execute arbitrary code. Because the TinyMCE editor frame does not use the `sandbox` attribute, such scripts can access NodeJS's `require` through the `top` variable. From this, an attacker can run arbitrary commands. This issue has been addressed in version 2.12.10 and users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/laurent22/joplin/security/advisories/GHSA-m59c-9rrj-c399 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/laurent22/joplin/security/advisories/GHSA-m59c-9rrj-c399 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joplin_project | joplin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joplin_project:joplin:*:*:*:*:*:-:*:*",
"matchCriteriaId": "D3D41104-B079-4E4E-849D-501724590C0E",
"versionEndExcluding": "2.12.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows pasting untrusted data into the rich text editor to execute arbitrary code. HTML pasted into the rich text editor is not sanitized (or not sanitized properly). As such, the `onload` attribute of pasted images can execute arbitrary code. Because the TinyMCE editor frame does not use the `sandbox` attribute, such scripts can access NodeJS\u0027s `require` through the `top` variable. From this, an attacker can run arbitrary commands. This issue has been addressed in version 2.12.10 and users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Joplin es una aplicaci\u00f3n gratuita y de c\u00f3digo abierto para tomar notas y tareas pendientes. Una vulnerabilidad de Cross-Site Scripting (XSS) permite pegar datos que no son de confianza en el editor de texto enriquecido para ejecutar c\u00f3digo arbitrario. El HTML pegado en el editor de texto enriquecido no se sanitiza (o no se sanitiza correctamente). Como tal, el atributo \"onload\" de las im\u00e1genes pegadas puede ejecutar c\u00f3digo arbitrario. Debido a que el marco del editor TinyMCE no utiliza el atributo `sandbox`, dichos scripts pueden acceder al `require` de NodeJS a trav\u00e9s de la variable `top`. A partir de esto, un atacante puede ejecutar comandos arbitrarios. Este problema se solucion\u00f3 en la versi\u00f3n 2.12.10 y se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2023-38506",
"lastModified": "2025-04-11T15:17:15.377",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 5.3,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-21T20:15:12.003",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-m59c-9rrj-c399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-m59c-9rrj-c399"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-30 15:15
Modified
2024-11-21 08:11
Severity ?
Summary
Joplin before 2.11.5 allows XSS via an AREA element of an image map.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joplin_project | joplin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joplin_project:joplin:*:*:*:*:*:-:*:*",
"matchCriteriaId": "BD2AEC11-397F-4C85-AA33-BCA9DFEBB263",
"versionEndExcluding": "2.11.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Joplin before 2.11.5 allows XSS via an AREA element of an image map."
}
],
"id": "CVE-2023-37299",
"lastModified": "2024-11-21T08:11:25.897",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-30T15:15:09.053",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/laurent22/joplin/commit/9e90d9016daf79b5414646a93fd369aedb035071"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/laurent22/joplin/releases/tag/v2.11.5"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://vuln.ryotak.net/advisories/68"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/laurent22/joplin/commit/9e90d9016daf79b5414646a93fd369aedb035071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/laurent22/joplin/releases/tag/v2.11.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://vuln.ryotak.net/advisories/68"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-08 14:15
Modified
2024-11-21 06:48
Severity ?
Summary
Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/laurent22/joplin/issues/6004 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/laurent22/joplin/issues/6004 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joplin_project | joplin | 2.6.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joplin_project:joplin:2.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D581C59A-2B35-42BA-BDC1-E5B73E75D512",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results."
},
{
"lang": "es",
"value": "Joplin versi\u00f3n 2.6.10, permite a atacantes remotos ejecutar comandos del sistema mediante c\u00f3digo malicioso en los resultados de b\u00fasqueda del usuario"
}
],
"id": "CVE-2022-23340",
"lastModified": "2024-11-21T06:48:26.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-08T14:15:07.660",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/laurent22/joplin/issues/6004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/laurent22/joplin/issues/6004"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-21 20:15
Modified
2025-04-11 15:17
Severity ?
8.9 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Summary
Joplin is a free, open source note taking and to-do application. A remote code execution (RCE) vulnerability in affected versions allows clicking on a link in a PDF in an untrusted note to execute arbitrary shell commands. Clicking links in PDFs allows for arbitrary code execution because Joplin desktop: 1. has not disabled top redirection for note viewer iframes, and 2. and has node integration enabled. This is a remote code execution vulnerability that impacts anyone who attaches untrusted PDFs to notes and has the icon enabled. This issue has been addressed in version 2.13.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joplin_project | joplin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joplin_project:joplin:*:*:*:*:*:-:*:*",
"matchCriteriaId": "84C20BC7-0A9D-48BF-96E6-A236B2BCB2B2",
"versionEndExcluding": "2.13.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Joplin is a free, open source note taking and to-do application. A remote code execution (RCE) vulnerability in affected versions allows clicking on a link in a PDF in an untrusted note to execute arbitrary shell commands. Clicking links in PDFs allows for arbitrary code execution because Joplin desktop: 1. has not disabled top redirection for note viewer iframes, and 2. and has node integration enabled. This is a remote code execution vulnerability that impacts anyone who attaches untrusted PDFs to notes and has the icon enabled. This issue has been addressed in version 2.13.3. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Joplin es una aplicaci\u00f3n gratuita y de c\u00f3digo abierto para tomar notas y tareas pendientes. Una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) en las versiones afectadas permite hacer clic en un enlace en un PDF en una nota que no es de confianza para ejecutar comandos de shell arbitrarios. Hacer clic en enlaces en archivos PDF permite la ejecuci\u00f3n de c\u00f3digo arbitrario porque el escritorio Joplin: 1. no ha deshabilitado la redirecci\u00f3n superior para los iframes del visor de notas, y 2. y tiene habilitada la integraci\u00f3n de nodos. Esta es una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo que afecta a cualquiera que adjunte archivos PDF que no sean de confianza a notas y tenga el \u00edcono habilitado. Este problema se solucion\u00f3 en la versi\u00f3n 2.13.3. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2023-45673",
"lastModified": "2025-04-11T15:17:42.970",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-21T20:15:12.620",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Technical Description"
],
"url": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-g8qx-5vcm-3x59"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description"
],
"url": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-g8qx-5vcm-3x59"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-31 16:15
Modified
2025-03-27 19:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.17 allows attacker to execute arbitrary code via improper santization.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/laurent22/joplin/commit/a2de167b95debad83a0f0c7925a88c0198db812e | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/laurent22/joplin/releases/tag/v2.9.17 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/laurent22/joplin/commit/a2de167b95debad83a0f0c7925a88c0198db812e | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/laurent22/joplin/releases/tag/v2.9.17 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joplin_project | joplin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joplin_project:joplin:*:*:*:*:*:-:*:*",
"matchCriteriaId": "B2EF6132-C22C-4D93-9880-C3DD829F52FC",
"versionEndExcluding": "2.9.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.17 allows attacker to execute arbitrary code via improper santization."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross site scripting en la aplicaci\u00f3n de escritorio Joplin anterior a v2.9.17 permite a un atacante ejecutar c\u00f3digo arbitrario mediante una sanitizaci\u00f3n inadecuada."
}
],
"id": "CVE-2022-45598",
"lastModified": "2025-03-27T19:15:45.993",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-01-31T16:15:09.053",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/laurent22/joplin/commit/a2de167b95debad83a0f0c7925a88c0198db812e"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/laurent22/joplin/releases/tag/v2.9.17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/laurent22/joplin/commit/a2de167b95debad83a0f0c7925a88c0198db812e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/laurent22/joplin/releases/tag/v2.9.17"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-16 21:15
Modified
2024-11-21 06:08
Severity ?
Summary
Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute aribrary code due to improper sanitizing of html.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/laurent22/joplin/commit/9c20d5947d1fa4678a8b640792ff3d31224f0adf | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/laurent22/joplin/releases/tag/v1.8.5 | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://the-it-wonders.blogspot.com/2021/05/joplin-app-desktop-version-vulnerable.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/laurent22/joplin/commit/9c20d5947d1fa4678a8b640792ff3d31224f0adf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/laurent22/joplin/releases/tag/v1.8.5 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://the-it-wonders.blogspot.com/2021/05/joplin-app-desktop-version-vulnerable.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joplin_project | joplin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joplin_project:joplin:*:*:*:*:*:-:*:*",
"matchCriteriaId": "650D9E1E-D56C-4186-AF77-C0FEFD5CEE0B",
"versionEndExcluding": "1.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute aribrary code due to improper sanitizing of html."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross Site Scripting (XSS) en Joplin Desktop App versiones anteriores a 1.8.5, permite a atacantes ejecutar c\u00f3digo arbitrario debido a un saneo inapropiado del html"
}
],
"id": "CVE-2021-33295",
"lastModified": "2024-11-21T06:08:39.953",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-16T21:15:07.833",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/laurent22/joplin/commit/9c20d5947d1fa4678a8b640792ff3d31224f0adf"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/laurent22/joplin/releases/tag/v1.8.5"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://the-it-wonders.blogspot.com/2021/05/joplin-app-desktop-version-vulnerable.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/laurent22/joplin/commit/9c20d5947d1fa4678a8b640792ff3d31224f0adf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/laurent22/joplin/releases/tag/v1.8.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://the-it-wonders.blogspot.com/2021/05/joplin-app-desktop-version-vulnerable.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-26 16:29
Modified
2024-11-21 03:40
Severity ?
Summary
Joplin version prior to 1.0.90 contains a XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in Note content field - information on the fix can be found here https://github.com/laurent22/joplin/commit/494e235e18659574f836f84fcf9f4d4fcdcfcf89 that can result in executing unauthorized code within the rights in which the application is running. This attack appear to be exploitable via Victim synchronizing notes from the cloud services or other note-keeping services which contain malicious code. This vulnerability appears to have been fixed in 1.0.90 and later.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/laurent22/joplin/commit/494e235e18659574f836f84fcf9f4d4fcdcfcf89 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/laurent22/joplin/issues/500 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/laurent22/joplin/commit/494e235e18659574f836f84fcf9f4d4fcdcfcf89 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/laurent22/joplin/issues/500 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joplin_project | joplin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joplin_project:joplin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B661B315-948E-48F7-8A0B-ACB84D0DF32B",
"versionEndExcluding": "1.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Joplin version prior to 1.0.90 contains a XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in Note content field - information on the fix can be found here https://github.com/laurent22/joplin/commit/494e235e18659574f836f84fcf9f4d4fcdcfcf89 that can result in executing unauthorized code within the rights in which the application is running. This attack appear to be exploitable via Victim synchronizing notes from the cloud services or other note-keeping services which contain malicious code. This vulnerability appears to have been fixed in 1.0.90 and later."
},
{
"lang": "es",
"value": "Joplin en versiones anteriores a la 1.0.90 contiene Cross-Site Scripting (XSS) que evoluciona a una ejecuci\u00f3n de c\u00f3digo debido a que se habilita nodeIntegration para esa instancia BrowserWindow en concreto en la que se identific\u00f3 XSS a partir de la vulnerabilidad en el campo de contenido Note. La informaci\u00f3n sobre la soluci\u00f3n se puede encontrar en https://github.com/laurent22/joplin/commit/494e235e18659574f836f84fcf9f4d4fcdcfcf89. Esto podr\u00eda resultar en la ejecuci\u00f3n de c\u00f3digo no autorizado con los derechos en los que se ejecuta la aplicaci\u00f3n. Este ataque parece ser explotable mediante una v\u00edctima que sincroniza notas desde los servicios cloud u otros servicios de guardado de notas que contienen c\u00f3digo malicioso. La vulnerabilidad parece haber sido solucionada en las versiones 1.0.90 y siguientes."
}
],
"id": "CVE-2018-1000534",
"lastModified": "2024-11-21T03:40:08.497",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-26T16:29:01.947",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/laurent22/joplin/commit/494e235e18659574f836f84fcf9f4d4fcdcfcf89"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/laurent22/joplin/issues/500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/laurent22/joplin/commit/494e235e18659574f836f84fcf9f4d4fcdcfcf89"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/laurent22/joplin/issues/500"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-25 20:15
Modified
2025-05-07 00:13
Severity ?
7.2 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Joplin is an open source, privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS. In affected versions attackers are able to abuse the fact that openExternal is used without any filtering of URI schemes to obtain remote code execution in Windows environments. This issue has been addressed in version 3.0.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/laurent22/joplin/security/advisories/GHSA-pc5v-xp44-5mgv | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joplin_project | joplin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joplin_project:joplin:*:*:*:*:*:-:*:*",
"matchCriteriaId": "0CB69B70-C05C-413B-9A7B-AB2897A8C9EB",
"versionEndExcluding": "3.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Joplin is an open source, privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS. In affected versions attackers are able to abuse the fact that openExternal is used without any filtering of URI schemes to obtain remote code execution in Windows environments. This issue has been addressed in version 3.0.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Joplin es una aplicaci\u00f3n de c\u00f3digo abierto para tomar notas centrada en la privacidad y con capacidades de sincronizaci\u00f3n para Windows, macOS, Linux, Android e iOS. En las versiones afectadas, los atacantes pueden aprovechar el hecho de que openExternal se utiliza sin ning\u00fan filtrado de esquemas de URI para obtener la ejecuci\u00f3n remota de c\u00f3digo en entornos Windows. Este problema se ha solucionado en la versi\u00f3n 3.0.3 y se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2024-53268",
"lastModified": "2025-05-07T00:13:36.540",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 6.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-11-25T20:15:10.583",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-pc5v-xp44-5mgv"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-17 16:15
Modified
2024-11-21 05:39
Severity ?
Summary
Joplin through 1.0.184 allows Arbitrary File Read via XSS.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/156582/Joplin-Desktop-1.0.184-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/laurent22/joplin/commit/3db47b575b9cb0a765da3d283baa2c065df0d0bc | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/laurent22/joplin/compare/clipper-1.0.19...clipper-1.0.20 | Patch, Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/156582/Joplin-Desktop-1.0.184-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/laurent22/joplin/commit/3db47b575b9cb0a765da3d283baa2c065df0d0bc | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/laurent22/joplin/compare/clipper-1.0.19...clipper-1.0.20 | Patch, Release Notes, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joplin_project | joplin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joplin_project:joplin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1EBED37C-370F-4716-964D-50391BA6728B",
"versionEndIncluding": "1.0.184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Joplin through 1.0.184 allows Arbitrary File Read via XSS."
},
{
"lang": "es",
"value": "Joplin versiones hasta 1.0.184, permite una Lectura de Archivos Arbitrarios por medio de un ataque de tipo XSS."
}
],
"id": "CVE-2020-9038",
"lastModified": "2024-11-21T05:39:52.637",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-17T16:15:28.867",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156582/Joplin-Desktop-1.0.184-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/laurent22/joplin/commit/3db47b575b9cb0a765da3d283baa2c065df0d0bc"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/laurent22/joplin/compare/clipper-1.0.19...clipper-1.0.20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156582/Joplin-Desktop-1.0.184-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/laurent22/joplin/commit/3db47b575b9cb0a765da3d283baa2c065df0d0bc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/laurent22/joplin/compare/clipper-1.0.19...clipper-1.0.20"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-07 23:15
Modified
2025-04-18 02:10
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Joplin's HTML sanitizer allows the `name` attribute to be specified. If `name` is set to the same value as an existing `document` property (e.g. `querySelector`), that property is replaced with the element. This vulnerability's only known impact is denial of service. The note viewer fails to refresh until closed and re-opened with a different note. This issue has been addressed in version 3.2.8 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joplin_project | joplin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joplin_project:joplin:*:*:*:*:*:-:*:*",
"matchCriteriaId": "A07BA97F-9DD3-41F1-B86B-6C424ADAF22C",
"versionEndExcluding": "3.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Joplin\u0027s HTML sanitizer allows the `name` attribute to be specified. If `name` is set to the same value as an existing `document` property (e.g. `querySelector`), that property is replaced with the element. This vulnerability\u0027s only known impact is denial of service. The note viewer fails to refresh until closed and re-opened with a different note. This issue has been addressed in version 3.2.8 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Joplin es una aplicaci\u00f3n de c\u00f3digo abierto y gratuita para tomar notas y realizar tareas pendientes, que puede gestionar una gran cantidad de notas organizadas en cuadernos. El depurador HTML de Joplin permite especificar el atributo `name`. Si `name` se establece con el mismo valor que una propiedad `document` existente (por ejemplo, `querySelector`), esa propiedad se reemplaza con el elemento. El \u00fanico impacto conocido de esta vulnerabilidad es la denegaci\u00f3n de servicio. El visor de notas no se actualiza hasta que se cierra y se vuelve a abrir con una nota diferente. Este problema se ha solucionado en la versi\u00f3n 3.2.8 y se recomienda a todos los usuarios que actualicen. No existen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2024-55630",
"lastModified": "2025-04-18T02:10:01.963",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-07T23:15:13.293",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
],
"url": "https://en.wikipedia.org/wiki/DOM_clobbering"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/laurent22/joplin/commit/e70efcbd60ce62f06e77c183b362c74e636c02d9"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-5cch-jr52-qffh"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-5cch-jr52-qffh"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-24 19:15
Modified
2024-11-21 05:06
Severity ?
Summary
An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary code execution via a malicious HTML embed tag.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/159316/Joplin-1.0.245-Cross-Site-Scripting-Code-Execution.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/laurent22/joplin/issues/3552 | Third Party Advisory | |
| cve@mitre.org | https://github.com/laurent22/joplin/releases/tag/v1.1.4 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/159316/Joplin-1.0.245-Cross-Site-Scripting-Code-Execution.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/laurent22/joplin/issues/3552 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/laurent22/joplin/releases/tag/v1.1.4 | Release Notes, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joplin_project | joplin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joplin_project:joplin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A337333-8FE3-4A1D-8039-A26AC351AA07",
"versionEndIncluding": "1.0.245",
"versionStartIncluding": "1.0.190",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary code execution via a malicious HTML embed tag."
},
{
"lang": "es",
"value": "Un problema de tipo XSS en Joplin Desktop versiones 1.0.190 hasta 1.0.245, permite una ejecuci\u00f3n de c\u00f3digo arbitrario por medio de una etiqueta de inserci\u00f3n HTML maliciosa."
}
],
"id": "CVE-2020-15930",
"lastModified": "2024-11-21T05:06:28.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-24T19:15:11.713",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/159316/Joplin-1.0.245-Cross-Site-Scripting-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/laurent22/joplin/issues/3552"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/laurent22/joplin/releases/tag/v1.1.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/159316/Joplin-1.0.245-Cross-Site-Scripting-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/laurent22/joplin/issues/3552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/laurent22/joplin/releases/tag/v1.1.4"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-21 20:15
Modified
2025-04-11 17:19
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows an untrusted note opened in safe mode to execute arbitrary code. `packages/renderer/MarkupToHtml.ts` renders note content in safe mode by surrounding it with <pre> and </pre>, without escaping any interior HTML tags. Thus, an attacker can create a note that closes the opening <pre> tag, then includes HTML that runs JavaScript. Because the rendered markdown iframe has the same origin as the toplevel document and is not sandboxed, any scripts running in the preview iframe can access the top variable and, thus, access the toplevel NodeJS `require` function. `require` can then be used to import modules like fs or child_process and run arbitrary commands. This issue has been addressed in version 2.12.9 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joplin_project | joplin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joplin_project:joplin:*:*:*:*:*:-:*:*",
"matchCriteriaId": "70E827D0-C286-4DA5-893E-C7FC1C03FECD",
"versionEndExcluding": "2.12.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows an untrusted note opened in safe mode to execute arbitrary code. `packages/renderer/MarkupToHtml.ts` renders note content in safe mode by surrounding it with \u003cpre\u003e and \u003c/pre\u003e, without escaping any interior HTML tags. Thus, an attacker can create a note that closes the opening \u003cpre\u003e tag, then includes HTML that runs JavaScript. Because the rendered markdown iframe has the same origin as the toplevel document and is not sandboxed, any scripts running in the preview iframe can access the top variable and, thus, access the toplevel NodeJS `require` function. `require` can then be used to import modules like fs or child_process and run arbitrary commands. This issue has been addressed in version 2.12.9 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Joplin es una aplicaci\u00f3n gratuita y de c\u00f3digo abierto para tomar notas y tareas pendientes. Una vulnerabilidad de Cross-Site Scripting (XSS) permite que una nota que no es de confianza abierta en modo seguro ejecute c\u00f3digo arbitrario. `packages/renderer/MarkupToHtml.ts` muestra el contenido de la nota en modo seguro rode\u00e1ndolo con \u003cpre\u003e y \u003c/pre\u003e, sin escapar de ninguna etiqueta HTML interior. Por lo tanto, un atacante puede crear una nota que cierre la etiqueta \u003cpre\u003e de apertura y luego incluya HTML que ejecute JavaScript. Debido a que el iframe de rebajas renderizado tiene el mismo origen que el documento de nivel superior y no est\u00e1 en un espacio aislado, cualquier script que se ejecute en el iframe de vista previa puede acceder a la variable superior y, por lo tanto, acceder a la funci\u00f3n `require` de NodeJS de nivel superior. Luego, `require` se puede usar para importar m\u00f3dulos como fs o child_process y ejecutar comandos arbitrarios. Este problema se solucion\u00f3 en la versi\u00f3n 2.12.9 y se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad.\u003c/pre\u003e"
}
],
"id": "CVE-2023-37898",
"lastModified": "2025-04-11T17:19:44.633",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 5.3,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-21T20:15:11.583",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Technical Description"
],
"url": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-hjmq-3qh4-g2r8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description"
],
"url": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-hjmq-3qh4-g2r8"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-03 00:15
Modified
2024-11-21 06:16
Severity ?
Summary
Joplin before 2.0.9 allows XSS via button and form in the note body.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/laurent22/joplin/commit/feaecf765368f2c273bea3a9fa641ff0da7e6b26 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/laurent22/joplin/releases/tag/v2.0.9 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/laurent22/joplin/commit/feaecf765368f2c273bea3a9fa641ff0da7e6b26 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/laurent22/joplin/releases/tag/v2.0.9 | Release Notes, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joplin_project | joplin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joplin_project:joplin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "464EACB7-F2D4-4800-89C0-E5F34EF7E79C",
"versionEndExcluding": "2.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Joplin before 2.0.9 allows XSS via button and form in the note body."
},
{
"lang": "es",
"value": "Joplin versiones anteriores a 2.0.9, permite un ataque XSS por medio del button y form en el cuerpo de la nota"
}
],
"id": "CVE-2021-37916",
"lastModified": "2024-11-21T06:16:03.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-03T00:15:08.653",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/laurent22/joplin/commit/feaecf765368f2c273bea3a9fa641ff0da7e6b26"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/laurent22/joplin/releases/tag/v2.0.9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/laurent22/joplin/commit/feaecf765368f2c273bea3a9fa641ff0da7e6b26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/laurent22/joplin/releases/tag/v2.0.9"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-30 15:15
Modified
2024-11-21 08:11
Severity ?
Summary
Joplin before 2.11.5 allows XSS via a USE element in an SVG document.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joplin_project | joplin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joplin_project:joplin:*:*:*:*:*:-:*:*",
"matchCriteriaId": "BD2AEC11-397F-4C85-AA33-BCA9DFEBB263",
"versionEndExcluding": "2.11.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Joplin before 2.11.5 allows XSS via a USE element in an SVG document."
}
],
"id": "CVE-2023-37298",
"lastModified": "2024-11-21T08:11:25.737",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-30T15:15:09.007",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/laurent22/joplin/commit/caf66068bfc474bbfd505013076ed173cd90ca83"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/laurent22/joplin/releases/tag/v2.11.5"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://vuln.ryotak.net/advisories/69"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/laurent22/joplin/commit/caf66068bfc474bbfd505013076ed173cd90ca83"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/laurent22/joplin/releases/tag/v2.11.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://vuln.ryotak.net/advisories/69"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-30 15:16
Modified
2025-05-16 16:29
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior to version 3.3.3, path traversal is possible in Joplin Server if static file path starts with `css/pluginAssets` or `js/pluginAssets`. The `findLocalFile` function in the `default route` calls `localFileFromUrl` to check for special `pluginAssets` paths. If the function returns a path, the result is returned directly, without checking for path traversal. The vulnerability allows attackers to read files outside the intended directories. This issue has been patched in version 3.3.3.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joplin_project | joplin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joplin_project:joplin:*:*:*:*:*:-:*:*",
"matchCriteriaId": "DD591BFD-416F-494A-8CF5-1BE3656CCC27",
"versionEndExcluding": "3.3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior to version 3.3.3, path traversal is possible in Joplin Server if static file path starts with `css/pluginAssets` or `js/pluginAssets`. The `findLocalFile` function in the `default route` calls `localFileFromUrl` to check for special `pluginAssets` paths. If the function returns a path, the result is returned directly, without checking for path traversal. The vulnerability allows attackers to read files outside the intended directories. This issue has been patched in version 3.3.3."
},
{
"lang": "es",
"value": "Joplin es una aplicaci\u00f3n gratuita y de c\u00f3digo abierto para tomar notas y gestionar tareas pendientes, capaz de gestionar un gran n\u00famero de notas organizadas en cuadernos. Antes de la versi\u00f3n 3.3.3, era posible path traversal en Joplin Server si la ruta est\u00e1tica del archivo comenzaba por `css/pluginAssets` o `js/pluginAssets`. La funci\u00f3n `findLocalFile` de la `ruta predeterminada` llama a `localFileFromUrl` para buscar rutas especiales de `pluginAssets`. Si la funci\u00f3n devuelve una ruta, el resultado se devuelve directamente, sin comprobar si hay path traversal. Esta vulnerabilidad permite a los atacantes leer archivos fuera de los directorios previstos. Este problema se ha corregido en la versi\u00f3n 3.3.3."
}
],
"id": "CVE-2025-27409",
"lastModified": "2025-05-16T16:29:40.663",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-30T15:16:01.067",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/laurent22/joplin/pull/11916"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-5xv6-7jm3-fmg5"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-5xv6-7jm3-fmg5"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-09 15:15
Modified
2024-09-17 18:03
Severity ?
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that "<" followed by a non letter character will not be considered html. As such it is possible to do an XSS by putting an "illegal" tag within a tag.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joplin_project | joplin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joplin_project:joplin:*:*:*:*:*:-:*:*",
"matchCriteriaId": "A3D65634-E8F7-4309-8E4A-EE63510B032F",
"versionEndExcluding": "3.0.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that \"\u003c\" followed by a non letter character will not be considered html. As such it is possible to do an XSS by putting an \"illegal\" tag within a tag."
},
{
"lang": "es",
"value": "Joplin es una aplicaci\u00f3n de c\u00f3digo abierto y gratuita para tomar notas y realizar tareas pendientes. Joplin no tiene en cuenta que un \"\u0026lt;\" seguido de un car\u00e1cter que no sea una letra no se considerar\u00e1 HTML. Por lo tanto, es posible realizar un XSS colocando una etiqueta \"ilegal\" dentro de otra etiqueta."
}
],
"id": "CVE-2024-40643",
"lastModified": "2024-09-17T18:03:05.080",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-09T15:15:11.597",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/laurent22/joplin/commit/b220413a9b5ed55fb1f565ac786a5c231da8bc87"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-g796-3g6g-jmmc"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-07 23:15
Modified
2025-04-11 18:56
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by adding note titles to the document using React's `dangerouslySetInnerHTML`, without first escaping HTML entities. Joplin lacks a Content-Security-Policy with a restrictive `script-src`. This allows arbitrary JavaScript execution via inline `onclick`/`onload` event handlers in unsanitized HTML. Additionally, Joplin's main window is created with `nodeIntegration` set to `true`, allowing arbitrary JavaScript execution to result in arbitrary code execution. Anyone who 1) receives notes from unknown sources and 2) uses <kbd>ctrl</kbd>-<kbd>p</kbd> to search is impacted. This issue has been addressed in version 3.1.24 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joplin_project | joplin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joplin_project:joplin:*:*:*:*:*:-:*:*",
"matchCriteriaId": "054ACD95-A971-4DD1-B625-BCCD33BCA444",
"versionEndExcluding": "3.1.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by adding note titles to the document using React\u0027s `dangerouslySetInnerHTML`, without first escaping HTML entities. Joplin lacks a Content-Security-Policy with a restrictive `script-src`. This allows arbitrary JavaScript execution via inline `onclick`/`onload` event handlers in unsanitized HTML. Additionally, Joplin\u0027s main window is created with `nodeIntegration` set to `true`, allowing arbitrary JavaScript execution to result in arbitrary code execution. Anyone who 1) receives notes from unknown sources and 2) uses \u003ckbd\u003ectrl\u003c/kbd\u003e-\u003ckbd\u003ep\u003c/kbd\u003e to search is impacted. This issue has been addressed in version 3.1.24 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Joplin es una aplicaci\u00f3n de c\u00f3digo abierto y gratuita para tomar notas y realizar tareas pendientes, que puede gestionar una gran cantidad de notas organizadas en cuadernos. Esta vulnerabilidad se produce al a\u00f1adir t\u00edtulos de notas al documento mediante `dangerouslySetInnerHTML` de React, sin escapar primero las entidades HTML. Joplin carece de una Content-Security-Policy con un `script-src` restrictivo. Esto permite la ejecuci\u00f3n arbitraria de JavaScript a trav\u00e9s de controladores de eventos `onclick`/`onload` en l\u00ednea en HTML no saneado. Adem\u00e1s, la ventana principal de Joplin se crea con `nodeIntegration` configurado en `true`, lo que permite la ejecuci\u00f3n arbitraria de JavaScript para dar como resultado la ejecuci\u00f3n de c\u00f3digo arbitrario. Cualquiera que 1) reciba notas de fuentes desconocidas y 2) utilice ctrl-p para buscar se ve afectado. Este problema se ha solucionado en la versi\u00f3n 3.1.24 y se recomienda a todos los usuarios que actualicen. No existen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2025-25187",
"lastModified": "2025-04-11T18:56:36.240",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-07T23:15:15.217",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/laurent22/joplin/blob/2fc9bd476b0d9abcddb0a46f615a48333779d225/packages/app-desktop/plugins/GotoAnything.tsx#L558"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/laurent22/joplin/commit/360ece6f8873ef81afbfb98b25faad696ffccdb6"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-9gfv-q6wj-fr3c"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-9gfv-q6wj-fr3c"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}