Personalizedrefrigerator

**Name of the Vulnerable Software and Affected Versions** Joplin versions prior to 3.2.8 **Description** Joplin is a free, open source note taking and to-do application. The HTML sanitizer in Joplin allows the `name` attribute to be specified, which can lead to a property replacement issue. If the `name` attribute is set to the same value as an existing `document` property, that property is replaced with the element. This issue can cause a denial of service, where the note viewer fails to refresh until closed and re-opened with a different note. **Recommendations** For versions prior to 3.2.8, upgrade to version 3.2.8 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the `name` attribute in the HTML sanitizer until a patch is applied. There are no known workarounds for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joplin versions prior to 3.2.12 **Description** This issue is caused by differences between how Joplin's HTML sanitizer handles comments and how the browser handles comments, affecting both the Rich Text Editor and the Markdown viewer. However, the Markdown viewer is `cross-origin isolated`, preventing JavaScript from directly accessing functions or variables in the toplevel Joplin `window`. This is an XSS vulnerability that impacts users who open untrusted notes in the Rich Text Editor. **Recommendations** For Joplin versions prior to 3.2.12, upgrade to version 3.2.12 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the Rich Text Editor for untrusted notes until the update is applied. Restrict access to untrusted notes in the Rich Text Editor to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joplin versions prior to 3.1.24 **Description** This issue is caused by Joplin adding note titles to the document using React's `dangerouslySetInnerHTML`, without first escaping HTML entities. Joplin lacks a Content-Security-Policy with a restrictive `script-src`, allowing arbitrary JavaScript execution via inline `onclick`/`onload` event handlers in unsanitized HTML. Additionally, Joplin's main window is created with `nodeIntegration` set to `true`, allowing arbitrary JavaScript execution to result in arbitrary code execution. Users who receive notes from unknown sources and use the search function are impacted. **Recommendations** For versions prior to 3.1.24, upgrade to version 3.1.24 or later to resolve the issue. As a temporary workaround, consider avoiding the use of notes from unknown sources and refraining from using the search function until the upgrade is applied. Restrict access to the `dangerouslySetInnerHTML` function and ensure proper escaping of HTML entities to minimize the risk of exploitation. Avoid using the `nodeIntegration` feature with `true` setting until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Joplin versions prior to 2.12.9 **Description** A Cross-site Scripting (XSS) vulnerability in Joplin allows an untrusted note opened in safe mode to execute arbitrary code. The `packages/renderer/MarkupToHtml.ts` file renders note content in safe mode without escaping interior HTML tags, enabling an attacker to create a note that closes the opening <pre> tag and includes HTML that runs JavaScript. Since the rendered markdown iframe has the same origin as the top-level document and is not sandboxed, scripts running in the preview iframe can access the top variable and the toplevel NodeJS `require` function, allowing the import of modules like `fs` or `child process` to run arbitrary commands. **Recommendations** For versions prior to 2.12.9, upgrade to version 2.12.9 or later to address this issue. As a temporary workaround, consider disabling the rendering of notes in safe mode until a patch is available. Restrict access to the `packages/renderer/MarkupToHtml.ts` module to minimize the risk of exploitation. Avoid using the `require` function in the affected iframe until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Joplin versions prior to 2.12.10 **Description** A Cross-site Scripting (XSS) issue in Joplin allows the execution of arbitrary code when pasting untrusted data into the rich text editor. This occurs because HTML pasted into the editor is not properly sanitized, enabling the `onload` attribute of pasted images to execute arbitrary code. Since the TinyMCE editor frame lacks the `sandbox` attribute, scripts can access NodeJS's `require` through the `top` variable, allowing an attacker to run arbitrary commands. **Recommendations** For versions prior to 2.12.10, upgrade to version 2.12.10 or later to resolve the issue. As a temporary workaround, consider disabling the rich text editor feature until a patch is available. Restrict access to untrusted data to minimize the risk of exploitation. Avoid pasting untrusted HTML into the rich text editor until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Joplin versions prior to 2.12.8 **Description** A Cross site scripting (XSS) vulnerability in Joplin allows clicking on an untrusted image link to execute arbitrary shell commands. The HTML sanitizer preserves `<map>` `<area>` links, but unlike `<a>` links, the `target` and `href` attributes are not removed. This allows links with `target` set to ` top` to replace the top-level electron page, which can then import `child process` and execute arbitrary shell commands. **Recommendations** For versions prior to 2.12.8, upgrade to release version 2.12.8 or later to fix the issue. As a temporary workaround, consider disabling the `packages/renderer/htmlUtils.ts::sanitizeHtml` function until a patch is available. Restrict access to untrusted image links to minimize the risk of exploitation. Avoid using the `target` and `href` attributes in links until the issue is resolved.