Vulnerability Description
Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute arbitrary code due to improper sanitizing of HTML.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Joplin Project | Joplin | < 1.8.5 |
Related Weaknesses (CWE)
References
- https://github.com/laurent22/joplin/commit/9c20d5947d1fa4678a8b640792ff3d31224f0 (Patch, Third Party Advisory)
- https://github.com/laurent22/joplin/releases/tag/v1.8.5 (Release Notes, Third Party Advisory)
- https://the-it-wonders.blogspot.com/2021/05/joplin-app-desktop-version-vulnerabl (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-33295?
CVE-2021-33295 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute arbitrary code due to improper sanitizing of HTML.
How severe is CVE-2021-33295?
CVE-2021-33295 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-33295?
Check the references section above for vendor advisories and patch information. Affected products include: Joplin Project Joplin.