CVE-2023-37299

Name of the Vulnerable Software and Affected Versions Joplin versions prior to 2.11.5

Description The issue is related to an AREA element of an image map, which allows for a cross-site scripting (XSS) attack. This can be exploited by a remote attacker to conduct an XSS attack. The vulnerability is associated with the failure to protect the structure of a web page.

Recommendations For versions prior to 2.11.5, update to version 2.11.5 or later to resolve the issue. As a temporary workaround, consider disabling the use of AREA elements in image maps until a patch is available. Restrict access to potentially vulnerable web pages to minimize the risk of exploitation.