SB2024111462 - Cross-site scripting in Joplin




Published: November 14, 2024
Updated: May 16, 2026

Security Bulletin ID: SB2024111462
CSH Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity: Medium 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Cross-site scripting (CVE-ID: CVE-2024-49362)

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green


The vulnerability allows a local privileged user to execute arbitrary script code in the markdown preview context.

The vulnerability exists due to cross-site scripting in the markdown preview link handling when rendering crafted markdown content. A local privileged user can create specially crafted markdown content to execute arbitrary script code in the markdown preview context.

User interaction is required to open or render the crafted markdown content.


Remediation

Install the update from the vendor's website.