Description
Joplin through 1.0.184 allows Arbitrary File Read via XSS.
Remediation
References
https://github.com/laurent22/joplin/commit/3db47b575b9cb0a765da3d283baa2c065df0d0bc
https://github.com/laurent22/joplin/compare/clipper-1.0.19...clipper-1.0.20
http://packetstormsecurity.com/files/156582/Joplin-Desktop-1.0.184-Cross-Site-Scripting.html
Related Vulnerabilities
CVE-2021-24122 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2022-39381 Vulnerability in npm package hummus
CVE-2014-0193 Vulnerability in maven package org.onosproject:onlab-stc
CVE-2020-11023 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery
CVE-2018-3721 Vulnerability in npm package lodash._basemerge