CVE-2020-15930

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-15930

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15930.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-15930

Aliases

GHSA-cgc7-mwp4-3ccx

Published

2020-09-24T19:15:11.713Z

Modified

2026-04-10T04:23:09.842831Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary code execution via a malicious HTML embed tag.

References

Affected packages

Git / github.com/laurent22/joplin

Affected ranges

Type

GIT

Repo

https://github.com/laurent22/joplin

Events

Introduced

8ba9e9efd8226a07ecb9ae95db598351de4731f2

Last affected

2aa7eaa1928e348eac913b91f10c1fecf89ba322

Fixed

9610b7e6bd815959912dd34c4cd32dd87b37ac39

Database specific

{
    "versions": [
        {
            "introduced": "1.0.190"
        },
        {
            "last_affected": "1.0.245"
        }
    ]
}

Affected versions

android-v1.*

android-v1.0.319-rc1

android-v1.0.320

android-v1.0.321

android-v1.0.322

android-v1.0.323

android-v1.0.324

android-v1.0.325

android-v1.0.326

android-v1.0.327

android-v1.0.337

android-v1.0.339-3

android-v1.0.340

cli-v1.*

cli-v1.0.156

cli-v1.0.157

cli-v1.0.158

cli-v1.0.159

cli-v1.0.160

cli-v1.0.161

cli-v1.0.162

cli-v1.0.163

cli-v1.0.164

clipper-1.*

clipper-1.0.23

clipper-1.0.25

ios-v10.*

ios-v10.0.45

ios-v10.0.47

v1.*

v1.0.190

v1.0.191

v1.0.192

v1.0.193

v1.0.194

v1.0.195

v1.0.196

v1.0.197

v1.0.198

v1.0.199

v1.0.200

v1.0.206

v1.0.207

v1.0.208

v1.0.209

v1.0.210

v1.0.211

v1.0.212

v1.0.213

v1.0.214

v1.0.234

v1.0.235

v1.0.238

v1.0.239

v1.0.242

v1.0.243

v1.0.245

v1.1.1

v1.1.2

v1.1.244

v1.1.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15930.json"