Moderate severityNVD Advisory· Published Sep 24, 2020· Updated Aug 4, 2024
CVE-2020-15930
CVE-2020-15930
Description
An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary code execution via a malicious HTML embed tag.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
joplinnpm | >= 1.0.190, < 1.1.7 | 1.1.7 |
Affected products
2- Joplin/Joplin desktopdescription
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-cgc7-mwp4-3ccxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-15930ghsaADVISORY
- packetstormsecurity.com/files/159316/Joplin-1.0.245-Cross-Site-Scripting-Code-Execution.htmlghsax_refsource_MISCWEB
- github.com/laurent22/joplin/commit/57d750bc9aeb0f98d53ed4b924458b54984c15ffghsaWEB
- github.com/laurent22/joplin/issues/3552ghsax_refsource_MISCWEB
- github.com/laurent22/joplin/releases/tag/v1.1.4ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.