Main Vulnerability Database SB20240621121

SB20240621121 - Cross-site scripting in Joplin

Published: June 21, 2024 Updated: May 16, 2026

Security Bulletin ID SB20240621121

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Cross-site scripting (CVE-ID: CVE-2023-38506)

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green

The vulnerability allows a local user to execute arbitrary script code.

The vulnerability exists due to cross-site scripting in the rich text editor when pasting HTML content. A local user can paste crafted HTML to execute arbitrary script code.

User interaction is required to paste the crafted HTML into the editor.

Remediation

Install update from vendor's website.

References

https://github.com/laurent22/joplin/security/advisories/GHSA-m59c-9rrj-c399

SB20240621121 - Cross-site scripting in Joplin

Breakdown by Severity

Description

Remediation

References

Please verify you're human