CVE-2024-40643
Joplin has a parsing error leading to Cross-site Scripting (XSS)
Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that "<" followed by a non letter character will not be considered html. As such it is possible to do an XSS by putting an "illegal" tag within a tag.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Productos afectados
laurent22 · joplin¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →