CVE-2023-37299
Joplin contains a Cross-Site Scripting vulnerability (CVE-2023-37299) affecting versions prior to 2.11.5 due to improper handling of AREA elements within image maps. Root cause is an XSS flaw in the rendering/processing of image-map AREA hyperlinks, enabling script execution in a victim’s browser...