Moderate severityNVD Advisory· Published Jun 16, 2022· Updated Aug 3, 2024
CVE-2021-33295
CVE-2021-33295
Description
Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute aribrary code due to improper sanitizing of html.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
joplinnpm | < 1.8.5 | 1.8.5 |
Affected products
2- Joplin/Joplin Desktop Appdescription
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-phj8-2p6x-hq5rghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-33295ghsaADVISORY
- github.com/laurent22/joplin/commit/9c20d5947d1fa4678a8b640792ff3d31224f0adfghsax_refsource_MISCWEB
- github.com/laurent22/joplin/releases/tag/v1.8.5ghsax_refsource_MISCWEB
- the-it-wonders.blogspot.com/2021/05/joplin-app-desktop-version-vulnerable.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.