Lucene search
K

5 matches found

Exploit DB
Exploit DB
added 2020/11/09 12:0 a.m.257 views

Joplin 1.2.6 - 'link' Cross Site Scripting

Exploit Title: Joplin 1.2.6 - 'link' Cross Site Scripting Date: 2020-09-21 Exploit Author: Philip Holbrook @fhlipZero Vendor Homepage: https://joplinapp.org/ Software Link: https://github.com/laurent22/joplin/releases/tag/v1.2.6 Version: 1.2.6 Tested on: Windows / Mac CVE : CVE-2020-28249...

6.1CVSS6.3AI score0.03027EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/11/09 12:0 a.m.258 views

Joplin 1.2.6 Cross Site Scripting

Exploit Title: Joplin 1.2.6 - 'link' Cross Site Scripting Date: 2020-09-21 Exploit Author: Philip Holbrook @fhlipZero Vendor Homepage: https://joplinapp.org/ Software Link: https://github.com/laurent22/joplin/releases/tag/v1.2.6 Version: 1.2.6 Tested on: Windows / Mac CVE : CVE-2020-28249...

6.3AI score0.03027EPSS
Exploits3
OSV
OSV
added 2020/11/06 7:15 a.m.13 views

CVE-2020-28249

Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note...

6.1CVSS5.7AI score
Exploits0References2
CVE
CVE
added 2020/11/06 6:5 a.m.89 views

CVE-2020-28249

CVE-2020-28249 affects Joplin 1.2.6 for Desktop, where a note containing a LINK element can trigger cross-site scripting due to inadequate validation of client-side data. The root cause is described as an XSS flaw in the link handling within notes. Exploitation material exists in public disclosur...

6.1CVSS5.8AI score0.03027EPSS
Exploits3References2Affected Software1
Cvelist
Cvelist
added 2020/11/06 6:5 a.m.27 views

CVE-2020-28249

Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note...

5.9AI score0.03027EPSS
Exploits3References2
Rows per page
Query Builder