Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that "<" followed by a non letter character will not be considered html. As such it is possible to do an XSS by putting an "illegal" tag within a tag.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Sep 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Joplin Project
Joplin Project joplin |
|
CPEs | cpe:2.3:a:joplin_project:joplin:*:*:*:*:*:-:*:* | |
Vendors & Products |
Joplin Project
Joplin Project joplin |
Mon, 09 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Joplinapp
Joplinapp joplin |
|
CPEs | cpe:2.3:a:joplinapp:joplin:*:*:*:*:*:node.js:*:* | |
Vendors & Products |
Joplinapp
Joplinapp joplin |
|
Metrics |
ssvc
|
Mon, 09 Sep 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that "<" followed by a non letter character will not be considered html. As such it is possible to do an XSS by putting an "illegal" tag within a tag. | |
Title | Joplin has a parsing error leading to Cross-site Scripting (XSS) | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-09-09T14:28:20.920Z
Updated: 2024-09-09T14:52:47.111Z
Reserved: 2024-07-08T16:13:15.512Z
Link: CVE-2024-40643
Vulnrichment
Updated: 2024-09-09T14:52:37.602Z
NVD
Status : Analyzed
Published: 2024-09-09T15:15:11.597
Modified: 2024-09-17T18:03:05.080
Link: CVE-2024-40643
Redhat
No data.