5 matches found
CVE-2023-37298
creationtimestamp| type| source ---|---|--- 2023-07-01 06:10:12+00:00| seen| https://t.me/cibsecurity/65793...
demo-joplin (>=1.0.1 <=1.0.8) potentially affected by CVE-2023-37298 via joplin (=0.10.93)
joplin NPM version =0.10.93 is affected by a known vulnerability. The following packages have a transitive dependency on joplin and may be impacted: - demo-joplin =1.0.1, =1.0.8 Source cves: CVE-2023-37298 Source advisory: OSV:GHSA-7GRW-XFX6-QHX6...
CVE-2023-37298
Joplin before 2.11.5 allows XSS via a USE element in an SVG document...
CVE-2023-37298
Joplin prior to 2.11.5 contains a cross-site scripting (XSS) vulnerability via a USE element in an SVG document. Affected product is Joplin (note‑taking app); impact is XSS in contexts that render SVG USE elements. The issue’s root cause is exposure of unsafe SVG usage, with remediation to upgrad...
CVE-2023-37298
Joplin before 2.11.5 allows XSS via a USE element in an SVG document...