2 matches found
demo-joplin (>=1.0.1 <=1.0.8) potentially affected by CVE-2018-1000534 via joplin (=0.10.93)
joplin NPM version =0.10.93 is affected by a known vulnerability. The following packages have a transitive dependency on joplin and may be impacted: - demo-joplin =1.0.1, =1.0.8 Source cves: CVE-2018-1000534 Source advisory: OSV:GHSA-M6MF-HMRH-PH4J...
CVE-2018-1000534
CVE-2018-1000534 affects Joplin versions prior to 1.0.90. The issue is a Cross-site Scripting (XSS) that can evolve into code execution due to enabled nodeIntegration in a specific BrowserWindow instance, with the XSS originating in the Note content field. Attackers could exploit this by forcing ...