Laurent Cozic · Joplin · CVE-2020-28249
**Name of the Vulnerable Software and Affected Versions**
Joplin version 1.2.6
**Description**
The issue allows for XSS via a LINK element in a note. This can potentially lead to malicious script execution.
**Recommendations**
For Joplin version 1.2.6, update to a newer version that contains a fix for this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.