PT-2020-14723 · Joplin · Joplin

Ademar Nowasky Junior

Published

2020-09-24

Updated

2021-05-07

CVE-2020-15930

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Joplin desktop versions 1.0.190 through 1.0.245

Description The issue allows for arbitrary code execution via a malicious HTML embed tag. This is an XSS issue that affects Joplin desktop, enabling potential attackers to execute arbitrary code.

Recommendations For versions 1.0.190 through 1.0.245, update to a version outside of this range to mitigate the risk of arbitrary code execution. As a temporary workaround, consider restricting the use of HTML embed tags in Joplin desktop until a patch is available.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-15930

GHSA-CGC7-MWP4-3CCX

Affected Products

Joplin

PT-2020-14723 · Joplin · Joplin

CVE-2020-15930

Weakness Enumeration

Related Identifiers

Affected Products

References · 8