Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1waGo4LTJwNngtaHE1cs4AArr3
Joplin Cross Site Scripting Vulnerability via NOSCRIPT tags
Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute aribrary code due to improper sanitizing of html.
Permalink: https://github.com/advisories/GHSA-phj8-2p6x-hq5rJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1waGo4LTJwNngtaHE1cs4AArr3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 14 days ago
CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-phj8-2p6x-hq5r, CVE-2021-33295
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-33295
- https://github.com/laurent22/joplin/commit/9c20d5947d1fa4678a8b640792ff3d31224f0adf
- https://github.com/laurent22/joplin/releases/tag/v1.8.5
- https://the-it-wonders.blogspot.com/2021/05/joplin-app-desktop-version-vulnerable.html
- https://github.com/advisories/GHSA-phj8-2p6x-hq5r
Blast Radius: 7.7
Affected Packages
npm:joplin
Dependent packages: 2Dependent repositories: 27
Downloads: 2,480 last month
Affected Version Ranges: < 1.8.5
Fixed in: 1.8.5
All affected versions: 0.8.40, 0.8.68, 0.8.70, 0.8.71, 0.8.72, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.9.7, 0.9.8, 0.9.9, 0.9.10, 0.9.11, 0.9.12, 0.9.13, 0.9.18, 0.9.19, 0.10.20, 0.10.21, 0.10.22, 0.10.23, 0.10.24, 0.10.25, 0.10.26, 0.10.27, 0.10.28, 0.10.29, 0.10.30, 0.10.31, 0.10.32, 0.10.33, 0.10.34, 0.10.35, 0.10.36, 0.10.38, 0.10.39, 0.10.40, 0.10.41, 0.10.42, 0.10.43, 0.10.44, 0.10.45, 0.10.46, 0.10.47, 0.10.48, 0.10.49, 0.10.50, 0.10.51, 0.10.53, 0.10.54, 0.10.55, 0.10.58, 0.10.60, 0.10.61, 0.10.62, 0.10.63, 0.10.64, 0.10.65, 0.10.66, 0.10.67, 0.10.68, 0.10.69, 0.10.70, 0.10.71, 0.10.72, 0.10.73, 0.10.74, 0.10.75, 0.10.76, 0.10.77, 0.10.78, 0.10.79, 0.10.80, 0.10.81, 0.10.82, 0.10.83, 0.10.84, 0.10.85, 0.10.86, 0.10.87, 0.10.88, 0.10.89, 0.10.90, 0.10.91, 0.10.92, 0.10.93, 1.0.95, 1.0.96, 1.0.97, 1.0.98, 1.0.99, 1.0.100, 1.0.101, 1.0.103, 1.0.104, 1.0.106, 1.0.107, 1.0.108, 1.0.109, 1.0.110, 1.0.112, 1.0.113, 1.0.114, 1.0.115, 1.0.116, 1.0.117, 1.0.118, 1.0.119, 1.0.120, 1.0.122, 1.0.123, 1.0.124, 1.0.125, 1.0.126, 1.0.127, 1.0.128, 1.0.129, 1.0.130, 1.0.131, 1.0.132, 1.0.133, 1.0.135, 1.0.136, 1.0.137, 1.0.139, 1.0.140, 1.0.141, 1.0.142, 1.0.143, 1.0.144, 1.0.145, 1.0.146, 1.0.147, 1.0.148, 1.0.149, 1.0.150, 1.0.151, 1.0.152, 1.0.153, 1.0.154, 1.0.155, 1.0.156, 1.0.157, 1.0.158, 1.0.159, 1.0.160, 1.0.161, 1.0.162, 1.0.163, 1.0.164, 1.0.165, 1.0.166, 1.0.167, 1.0.168, 1.1.2, 1.1.7, 1.1.8, 1.2.1, 1.2.2, 1.2.3, 1.3.1, 1.3.2, 1.3.3, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.5.1, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.8.1
All unaffected versions: 2.0.1, 2.1.1, 2.1.2, 2.2.1, 2.2.2, 2.3.2, 2.4.1, 2.6.1, 2.6.2, 2.8.1, 2.9.1, 2.10.1, 2.10.2, 2.10.3, 2.11.1, 2.12.1, 2.13.1, 2.13.2, 2.14.1