Lucene search

CVE-2023-39517

🗓️ 21 Jun 2024 20:12:15Reported by GitHub_MType

Joplin note taking app XSS vulnerability allows execution of arbitrary shell command

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 4
Cvelist	CVE-2023-39517 Cross site scripting (XSS) when clicking on an untrusted `<map>` link in Joplin	21 Jun 202419:41	–	cvelist
Vulnrichment	CVE-2023-39517 Cross site scripting (XSS) when clicking on an untrusted `<map>` link in Joplin	21 Jun 202419:41	–	vulnrichment
NVD	CVE-2023-39517	21 Jun 202420:15	–	nvd
OSV	CVE-2023-39517	21 Jun 202420:15	–	osv

Nvd

Vulners

Node

joplin_project joplinRange<2.12.8-

[
  {
    "vendor": "laurent22",
    "product": "joplin",
    "versions": [
      {
        "version": "< 2.12.8",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/laurent22/joplin/commit/7c52c3e9a81a52ef1b42a951f9deb9d378d59b0f
developer	www.developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe
github	www.github.com/laurent22/joplin/security/advisories/GHSA-2h88-m32f-qh5m

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

21 Jun 2024 20:15Current

6.5Medium risk

Vulners AI Score6.5

CVSS35.4 - 8.2

EPSS0.0071

SSVC

CWE-79