Vulnerability Details CVE-2020-15930
An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary code execution via a malicious HTML embed tag.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.026
EPSS Ranking 84.9%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://packetstormsecurity.com/files/159316/Joplin-1.0.245-Cross-Site-Scripting-Code-Execution.html
- https://github.com/laurent22/joplin/issues/3552
- https://github.com/laurent22/joplin/releases/tag/v1.1.4
- http://packetstormsecurity.com/files/159316/Joplin-1.0.245-Cross-Site-Scripting-Code-Execution.html
- https://github.com/laurent22/joplin/issues/3552
- https://github.com/laurent22/joplin/releases/tag/v1.1.4
Products affected by CVE-2020-15930
-
cpe:2.3:a:joplin_project:joplin:1.0.190
-
cpe:2.3:a:joplin_project:joplin:1.0.191
-
cpe:2.3:a:joplin_project:joplin:1.0.192
-
cpe:2.3:a:joplin_project:joplin:1.0.193
-
cpe:2.3:a:joplin_project:joplin:1.0.194
-
cpe:2.3:a:joplin_project:joplin:1.0.195
-
cpe:2.3:a:joplin_project:joplin:1.0.196
-
cpe:2.3:a:joplin_project:joplin:1.0.197
-
cpe:2.3:a:joplin_project:joplin:1.0.198
-
cpe:2.3:a:joplin_project:joplin:1.0.199
-
cpe:2.3:a:joplin_project:joplin:1.0.200
-
cpe:2.3:a:joplin_project:joplin:1.0.201
-
cpe:2.3:a:joplin_project:joplin:1.0.202
-
cpe:2.3:a:joplin_project:joplin:1.0.203
-
cpe:2.3:a:joplin_project:joplin:1.0.204
-
cpe:2.3:a:joplin_project:joplin:1.0.205
-
cpe:2.3:a:joplin_project:joplin:1.0.206
-
cpe:2.3:a:joplin_project:joplin:1.0.207
-
cpe:2.3:a:joplin_project:joplin:1.0.208
-
cpe:2.3:a:joplin_project:joplin:1.0.209
-
cpe:2.3:a:joplin_project:joplin:1.0.210
-
cpe:2.3:a:joplin_project:joplin:1.0.211
-
cpe:2.3:a:joplin_project:joplin:1.0.212
-
cpe:2.3:a:joplin_project:joplin:1.0.213
-
cpe:2.3:a:joplin_project:joplin:1.0.214
-
cpe:2.3:a:joplin_project:joplin:1.0.215
-
cpe:2.3:a:joplin_project:joplin:1.0.216
-
cpe:2.3:a:joplin_project:joplin:1.0.217
-
cpe:2.3:a:joplin_project:joplin:1.0.218
-
cpe:2.3:a:joplin_project:joplin:1.0.219
-
cpe:2.3:a:joplin_project:joplin:1.0.220
-
cpe:2.3:a:joplin_project:joplin:1.0.221
-
cpe:2.3:a:joplin_project:joplin:1.0.222
-
cpe:2.3:a:joplin_project:joplin:1.0.223
-
cpe:2.3:a:joplin_project:joplin:1.0.224
-
cpe:2.3:a:joplin_project:joplin:1.0.225
-
cpe:2.3:a:joplin_project:joplin:1.0.226
-
cpe:2.3:a:joplin_project:joplin:1.0.227
-
cpe:2.3:a:joplin_project:joplin:1.0.228
-
cpe:2.3:a:joplin_project:joplin:1.0.229
-
cpe:2.3:a:joplin_project:joplin:1.0.230
-
cpe:2.3:a:joplin_project:joplin:1.0.231
-
cpe:2.3:a:joplin_project:joplin:1.0.232
-
cpe:2.3:a:joplin_project:joplin:1.0.233
-
cpe:2.3:a:joplin_project:joplin:1.0.234
-
cpe:2.3:a:joplin_project:joplin:1.0.235
-
cpe:2.3:a:joplin_project:joplin:1.0.236
-
cpe:2.3:a:joplin_project:joplin:1.0.237
-
cpe:2.3:a:joplin_project:joplin:1.0.238
-
cpe:2.3:a:joplin_project:joplin:1.0.239
-
cpe:2.3:a:joplin_project:joplin:1.0.240
-
cpe:2.3:a:joplin_project:joplin:1.0.241
-
cpe:2.3:a:joplin_project:joplin:1.0.242
-
cpe:2.3:a:joplin_project:joplin:1.0.243
-
cpe:2.3:a:joplin_project:joplin:1.0.244
-
cpe:2.3:a:joplin_project:joplin:1.0.245