Advisory #69
| Title | Joplin cross-site scripting via the use tag |
| CVE ID | CVE-2023-37298 |
| Vendor | laurent22 |
| Affected product | Joplin |
| Affected versions | < v2.11.5 |
| Vulnerability type | CWE-79 (Cross-site Scripting) |
| Description | Joplin before v2.11.5 has a vulnerability that allows a malicious notebook to execute arbitrary JavaScript using a use tag. |
| Status | Fixed in v2.11.5 |
| Recommendation | Update to v2.11.5 or above. |