Jubair Rehman Yousafzai

**Name of the Vulnerable Software and Affected Versions** Joplin Desktop App versions prior to 1.8.5 **Description** The issue is related to a Cross Site Scripting (XSS) vulnerability due to improper sanitizing of html, allowing attackers to execute arbitrary code. **Recommendations** For versions prior to 1.8.5, update to version 1.8.5 or later to resolve the issue. As a temporary workaround, consider restricting the execution of arbitrary code in the Joplin Desktop App until a patch is applied.