CVE-2021-33295: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

June 16, 2022 (updated June 27, 2022)

Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute aribrary code due to improper sanitizing of html.

References

github.com/laurent22/joplin/commit/9c20d5947d1fa4678a8b640792ff3d31224f0adf
github.com/laurent22/joplin/releases/tag/v1.8.5
nvd.nist.gov/vuln/detail/CVE-2021-33295
the-it-wonders.blogspot.com/2021/05/joplin-app-desktop-version-vulnerable.html

Detect and mitigate CVE-2021-33295 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →