Vulnerabilities > Joplin Project

DATE	CVE	VULNERABILITY TITLE	RISK
2020-02-17	CVE-2020-9038	Cross-site Scripting vulnerability in Joplin Project Joplin Joplin through 1.0.184 allows Arbitrary File Read via XSS. network low complexity joplin-project CWE-79	5.4
2018-06-26	CVE-2018-1000534	Cross-site Scripting vulnerability in Joplin Project Joplin Joplin version prior to 1.0.90 contains a XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in Note content field - information on the fix can be found here https://github.com/laurent22/joplin/commit/494e235e18659574f836f84fcf9f4d4fcdcfcf89 that can result in executing unauthorized code within the rights in which the application is running. network low complexity joplin-project CWE-79	6.1

Vulnerabilities > Joplin Project {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Joplin Project"}]}