Vulnerabilities > Joplin Project > Joplin > 0.10.93
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-03 | CVE-2021-37916 | Cross-site Scripting vulnerability in Joplin Project Joplin Joplin before 2.0.9 allows XSS via button and form in the note body. | 6.1 |
| 2020-02-17 | CVE-2020-9038 | Cross-site Scripting vulnerability in Joplin Project Joplin Joplin through 1.0.184 allows Arbitrary File Read via XSS. | 5.4 |
| 2018-06-26 | CVE-2018-1000534 | Cross-site Scripting vulnerability in Joplin Project Joplin Joplin version prior to 1.0.90 contains a XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in Note content field - information on the fix can be found here https://github.com/laurent22/joplin/commit/494e235e18659574f836f84fcf9f4d4fcdcfcf89 that can result in executing unauthorized code within the rights in which the application is running. | 6.1 |