CVE-2018-1000534: Cross-site Scripting

June 26, 2018 (updated August 21, 2018)

Joplin contains an XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in the Note content field.

References

nvd.nist.gov/vuln/detail/CVE-2018-1000534

Detect and mitigate CVE-2018-1000534 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →