Lucene search

Joplin Project Security Vulnerabilities

cve

CVE-2023-37299

Joplin before 2.11.5 allows XSS via an AREA element of an image...

6.1CVSS

5.9AI Score

0.001EPSS

2023-06-30 03:15 PM

108

cve

CVE-2023-37298

Joplin before 2.11.5 allows XSS via a USE element in an SVG...

6.1CVSS

5.8AI Score

0.001EPSS

2023-06-30 03:15 PM

100

cve

CVE-2022-45598

Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.17 allows attacker to execute arbitrary code via improper...

6.1CVSS

6.4AI Score

0.001EPSS

2023-01-31 04:15 PM

cve

CVE-2021-33295

Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute aribrary code due to improper sanitizing of...

5.4CVSS

5.3AI Score

0.001EPSS

2022-06-16 09:15 PM

cve

CVE-2022-23340

Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search...

9.8CVSS

9.7AI Score

0.004EPSS

2022-02-08 02:15 PM

cve

CVE-2021-37916

Joplin before 2.0.9 allows XSS via button and form in the note...

6.1CVSS

5.9AI Score

0.001EPSS

2021-08-03 12:15 AM

cve

CVE-2020-28249

Joplin 1.2.6 for Desktop allows XSS via a LINK element in a...

6.1CVSS

5.8AI Score

0.001EPSS

2020-11-06 07:15 AM

cve

CVE-2020-15930

An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary code execution via a malicious HTML embed...

6.1CVSS

6.2AI Score

0.002EPSS

2020-09-24 07:15 PM

cve

CVE-2020-9038

Joplin through 1.0.184 allows Arbitrary File Read via...

5.4CVSS

5.5AI Score

0.003EPSS

2020-02-17 04:15 PM

cve

CVE-2018-1000534

Joplin version prior to 1.0.90 contains a XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in Note content field - information on the fix can be found here...

6.1CVSS

6.3AI Score

0.001EPSS

2018-06-26 04:29 PM