VYPR
Unrated severity · NVD Advisory · Published Sep 9, 2024 · Updated Sep 9, 2024

Joplin has a parsing error leading to Cross-site Scripting (XSS)

CVE-2024-40643

Description

Joplin is a free, open source note-taking and to-do application. Joplin fails to take into account that "<" followed by a non-letter character will not be considered HTML. As such, it is possible to perform XSS by putting an "illegal" tag within a tag.

Affected products

  • Joplin/Joplin (2 versions)
    • (no CPE)
    • (no CPE), range: < 3.0.15
