Advisory #69
Title: Joplin cross-site scripting via the use tag
CVE ID: CVE-2023-37298
Vendor: laurent22
Affected product: Joplin
Affected versions: < v2.11.5
Vulnerability type: CWE-79 (Cross-site Scripting)
Description: Joplin before v2.11.5 has a vulnerability that allows a malicious notebook to execute arbitrary JavaScript using a use tag.
Status: Fixed in v2.11.5
Recommendation: Update to v2.11.5 or above.