Description
Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note.
Remediation
References
https://github.com/fhlip0/JopinXSS
https://github.com/laurent22/joplin/releases
Related Vulnerabilities
CVE-2022-40764 Vulnerability in npm package snyk
CVE-2022-21670 Vulnerability in npm package markdown-it
CVE-2021-32854 Vulnerability in maven package org.webjars.npm:textangular
CVE-2020-17530 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2020-7760 Vulnerability in maven package org.webjars.npm:codemirror