Vulnerabilities > Joplin Project

DATE	CVE	VULNERABILITY TITLE	RISK
2023-06-30	CVE-2023-37298	Cross-site Scripting vulnerability in Joplin Project Joplin Joplin before 2.11.5 allows XSS via a USE element in an SVG document. network low complexity joplin-project CWE-79	6.1
2023-06-30	CVE-2023-37299	Cross-site Scripting vulnerability in Joplin Project Joplin Joplin before 2.11.5 allows XSS via an AREA element of an image map. network low complexity joplin-project CWE-79	6.1
2023-01-31	CVE-2022-45598	Cross-site Scripting vulnerability in Joplin Project Joplin Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.17 allows attacker to execute arbitrary code via improper santization. network low complexity joplin-project CWE-79	6.1
2022-06-16	CVE-2021-33295	Cross-site Scripting vulnerability in Joplin Project Joplin Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute aribrary code due to improper sanitizing of html. network joplin-project CWE-79	3.5
2022-02-08	CVE-2022-23340	Unspecified vulnerability in Joplin Project Joplin 2.6.10 Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results. network low complexity joplin-project	7.5
2021-08-03	CVE-2021-37916	Cross-site Scripting vulnerability in Joplin Project Joplin Joplin before 2.0.9 allows XSS via button and form in the note body. network joplin-project CWE-79	4.3
2020-11-06	CVE-2020-28249	Cross-site Scripting vulnerability in Joplin Project Joplin 1.2.6 Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note. network joplin-project CWE-79	4.3
2020-09-24	CVE-2020-15930	Cross-site Scripting vulnerability in Joplin Project Joplin An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary code execution via a malicious HTML embed tag. network joplin-project CWE-79	4.3
2020-02-17	CVE-2020-9038	Cross-site Scripting vulnerability in Joplin Project Joplin Joplin through 1.0.184 allows Arbitrary File Read via XSS. network joplin-project CWE-79	3.5
2018-06-26	CVE-2018-1000534	Cross-site Scripting vulnerability in Joplin Project Joplin Joplin version prior to 1.0.90 contains a XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in Note content field - information on the fix can be found here https://github.com/laurent22/joplin/commit/494e235e18659574f836f84fcf9f4d4fcdcfcf89 that can result in executing unauthorized code within the rights in which the application is running. network joplin-project CWE-79	4.3

Vulnerabilities > Joplin Project {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Joplin Project"}]}

Vulnerabilities > Joplin Project