3 matches found
Joplin 1.0.245 Cross Site Scripting / Code Execution
Exploit Title: Joplin 1.0.245 - Arbitrary Code Execution PoC Date: 2020-09-21 Exploit Author: Ademar Nowasky Junior @nowaskyjr Vendor Homepage: https://joplinapp.org/ Software Link: https://github.com/laurent22/joplin/releases/download/v1.0.245/Joplin-Setup-1.0.245.exe Version: 1.0.190 to 1.0.245...
Joplin 1.0.245 - Arbitrary Code Execution (PoC)
Exploit Title: Joplin 1.0.245 - Arbitrary Code Execution PoC Date: 2020-09-21 Exploit Author: Ademar Nowasky Junior @nowaskyjr Vendor Homepage: https://joplinapp.org/ Software Link: https://github.com/laurent22/joplin/releases/download/v1.0.245/Joplin-Setup-1.0.245.exe Version: 1.0.190 to 1.0.245...
CVE-2020-15930
CVE-2020-15930 describes an XSS flaw in Joplin Desktop 1.0.190–1.0.245 that enables arbitrary code execution via a malicious HTML embed tag. Public details indicate the renderer does not blacklist HTML embeds, potentially enabling ACE when child windows opened with window.open() have node integra...