Advisory #68
Title: Joplin cross-site scripting via the area tag
CVE ID: CVE-2023-37299
Vendor: laurent22
Affected product: Joplin
Affected versions: < v2.11.5
Vulnerability type: CWE-79 (Cross-site Scripting)
Description: Joplin before v2.11.5 has a vulnerability that allows a malicious notebook to execute arbitrary JavaScript via the area tag.
Status: Fixed in v2.11.5
Recommendation: Update to v2.11.5 or above.