Advisory #68 - RyotaK's Vuln DB

Advisory #68

Title	Joplin cross-site scripting via the area tag
CVE ID	Not assigned
Vendor	laurent22
Affected product	Joplin
Affected versions	< v2.11.5
Vulnerability type	CWE-79 (Cross-site Scripting)
Description	Joplin before v2.11.5 has a vulnerability that allows a malicious notebook to execute arbitrary JavaScript by area tag.
Status	Fixed in v2.11.5
Recommendation	Update to v2.11.5 or above.