5 matches found
Joplin 1.2.6 - 'link' Cross Site Scripting
Exploit Title: Joplin 1.2.6 - 'link' Cross Site Scripting Date: 2020-09-21 Exploit Author: Philip Holbrook @fhlipZero Vendor Homepage: https://joplinapp.org/ Software Link: https://github.com/laurent22/joplin/releases/tag/v1.2.6 Version: 1.2.6 Tested on: Windows / Mac CVE : CVE-2020-28249...
Joplin 1.2.6 Cross Site Scripting
Exploit Title: Joplin 1.2.6 - 'link' Cross Site Scripting Date: 2020-09-21 Exploit Author: Philip Holbrook @fhlipZero Vendor Homepage: https://joplinapp.org/ Software Link: https://github.com/laurent22/joplin/releases/tag/v1.2.6 Version: 1.2.6 Tested on: Windows / Mac CVE : CVE-2020-28249...
CVE-2020-28249
Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note...
CVE-2020-28249
CVE-2020-28249 affects Joplin 1.2.6 for Desktop, where a note containing a LINK element can trigger cross-site scripting due to inadequate validation of client-side data. The root cause is described as an XSS flaw in the link handling within notes. Exploitation material exists in public disclosur...
CVE-2020-28249
Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note...