CVE-2021-37916 Information
Jun 07, 2022
cve
Description
Joplin before 2.0.9 allows XSS via button and form in the note body.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
https://github.com/laurent22/joplin/commit/feaecf765368f2c273bea3a9fa641ff0da7e6b26 https://github.com/laurent22/joplin/releases/tag/v2.0.9
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
6.1
Share on: