Description
Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note.
Remediation
References
https://github.com/fhlip0/JopinXSS
https://github.com/laurent22/joplin/releases
Related Vulnerabilities
CVE-2023-48238 Vulnerability in npm package json-web-token
CVE-2023-27162 Vulnerability in maven package org.openapitools:openapi-generator-project
CVE-2019-18212 Vulnerability in maven package org.lsp4xml:org.eclipse.lsp4xml.extensions.emmet
CVE-2023-51656 Vulnerability in maven package org.apache.iotdb:iotdb-server
CVE-2020-25724 Vulnerability in maven package io.quarkus:quarkus-resteasy-reactive-parent-aggregator