CVE-2020-28249
npm/joplin
Cross-site Scripting
Jopl for Desktop allows XSS via a LINK element in a note.
Version 1.2.6
Unfortunately no solution exists yet
2020-11-15