Lucene search

GitHub Advisory DatabaseGHSA-4JJV-P8X9-RRF7

HistoryJun 30, 2023 - 3:30 p.m.

Joplin Cross-site Scripting vulnerability

2023-06-3015:30:22

CWE-79

GitHub Advisory Database

github.com

joplin

cross-site scripting

vulnerability

image map

area element

software

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

32.3%

JSON

Joplin before 2.11.5 allows XSS via an AREA element of an image map.

Affected configurations

Vulners

Node

joplin_projectjoplinRange<2.11.5

CPENameOperatorVersion
joplinlt2.11.5

CPE	Name	Operator	Version
	joplin	lt	2.11.5

References

github.com/advisories/GHSA-4jjv-p8x9-rrf7

github.com/laurent22/joplin/commit/9e90d9016daf79b5414646a93fd369aedb035071

github.com/laurent22/joplin/releases/tag/v2.11.5

nvd.nist.gov/vuln/detail/CVE-2023-37299

vuln.ryotak.net/advisories/68

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

32.3%

JSON

Related for GHSA-4JJV-P8X9-RRF7