CVE-2020-28249

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-28249

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-28249.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-28249

Aliases

GHSA-q26w-wjj2-22vv

Published

2020-11-06T07:15:12.700Z

Modified

2026-04-10T04:26:43.066662Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note.

References

Affected packages

Git / github.com/laurent22/joplin

Affected ranges

Type

GIT

Repo

https://github.com/laurent22/joplin

Events

Introduced

Last affected

f5f117cb72648e10ebea0a15787245f745616c58

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.2.6"
        }
    ]
}

Affected versions

android-v0.*

android-v0.10.61

android-v0.10.62

android-v0.10.65

android-v0.10.69

android-v0.10.71

android-v0.10.83

android-v0.10.85

android-v0.10.86

android-v0.10.88

android-v0.10.89

android-v0.10.90

android-v0.10.91

android-v0.10.92

android-v1.*

android-v1.0.100

android-v1.0.101

android-v1.0.102

android-v1.0.103

android-v1.0.115

android-v1.0.116

android-v1.0.118

android-v1.0.119

android-v1.0.120

android-v1.0.122

android-v1.0.123

android-v1.0.124

android-v1.0.125

android-v1.0.127

android-v1.0.128

android-v1.0.129

android-v1.0.131

android-v1.0.132

android-v1.0.133

android-v1.0.135

android-v1.0.138

android-v1.0.140

android-v1.0.141

android-v1.0.142

android-v1.0.148

android-v1.0.151

android-v1.0.175

android-v1.0.176

android-v1.0.177

android-v1.0.178

android-v1.0.179

android-v1.0.181

android-v1.0.200

android-v1.0.201

android-v1.0.224

android-v1.0.225

android-v1.0.232

android-v1.0.233

android-v1.0.234

android-v1.0.236

android-v1.0.237

android-v1.0.238

android-v1.0.239

android-v1.0.240

android-v1.0.241

android-v1.0.242

android-v1.0.243

android-v1.0.248

android-v1.0.251

android-v1.0.252

android-v1.0.253

android-v1.0.254

android-v1.0.255

android-v1.0.260

android-v1.0.261

android-v1.0.269

android-v1.0.271

android-v1.0.276

android-v1.0.277

android-v1.0.279

android-v1.0.281

android-v1.0.283

android-v1.0.284

android-v1.0.289

android-v1.0.290

android-v1.0.291

android-v1.0.292

android-v1.0.293

android-v1.0.294

android-v1.0.299

android-v1.0.303

android-v1.0.304

android-v1.0.305

android-v1.0.306

android-v1.0.307

android-v1.0.308

android-v1.0.309

android-v1.0.310

android-v1.0.311

android-v1.0.312

android-v1.0.313

android-v1.0.314

android-v1.0.315

android-v1.0.316

android-v1.0.317

android-v1.0.318

android-v1.0.319-rc1

android-v1.0.320

android-v1.0.321

android-v1.0.322

android-v1.0.323

android-v1.0.324

android-v1.0.325

android-v1.0.326

android-v1.0.327

android-v1.0.337

android-v1.0.339-3

android-v1.0.340

android-v1.0.94

android-v1.0.95

android-v1.0.97

android-v1.0.98

cli-v0.*

cli-v0.10.86

cli-v0.10.87

cli-v0.10.93

cli-v1.*

cli-v1.0.100

cli-v1.0.106

cli-v1.0.107

cli-v1.0.108

cli-v1.0.109

cli-v1.0.110

cli-v1.0.113

cli-v1.0.114

cli-v1.0.115

cli-v1.0.117

cli-v1.0.118

cli-v1.0.120

cli-v1.0.122

cli-v1.0.123

cli-v1.0.124

cli-v1.0.126

cli-v1.0.127

cli-v1.0.128

cli-v1.0.129

cli-v1.0.133

cli-v1.0.135

cli-v1.0.136

cli-v1.0.137

cli-v1.0.139

cli-v1.0.141

cli-v1.0.145

cli-v1.0.146

cli-v1.0.147

cli-v1.0.148

cli-v1.0.149

cli-v1.0.150

cli-v1.0.154

cli-v1.0.155

cli-v1.0.156

cli-v1.0.157

cli-v1.0.158

cli-v1.0.159

cli-v1.0.160

cli-v1.0.161

cli-v1.0.162

cli-v1.0.163

cli-v1.0.164

cli-v1.0.95

cli-v1.0.96

cli-v1.0.97

cli-v1.0.98

cli-v1.0.99

cli-v1.2.1

cli-v1.2.2

cli-v1.2.3

clipper-1.*

clipper-1.0.10

clipper-1.0.12

clipper-1.0.13

clipper-1.0.14

clipper-1.0.17

clipper-1.0.19

clipper-1.0.20

clipper-1.0.21

clipper-1.0.22

clipper-1.0.23

clipper-1.0.25

clipper-1.0.7

clipper-1.0.8

ios-v0.*

ios-v0.10.6

ios-v1.*

ios-v1.0.13

ios-v10.*

ios-v10.0.21

ios-v10.0.22

ios-v10.0.27

ios-v10.0.29

ios-v10.0.30

ios-v10.0.31

ios-v10.0.33

ios-v10.0.34

ios-v10.0.35

ios-v10.0.37

ios-v10.0.39

ios-v10.0.40

ios-v10.0.41

ios-v10.0.43

ios-v10.0.44

ios-v10.0.45

ios-v10.0.47

Other

untagged-6ad6c38d382d9cf912e5

v0.*

v0.10.26

v0.10.27

v0.10.28

v0.10.29

v0.10.30

v0.10.31

v0.10.32

v0.10.33

v0.10.34

v0.10.35

v0.10.36

v0.10.37

v0.10.38

v0.10.41

v0.10.42

v0.10.43

v0.10.55

v0.10.56

v0.10.57

v0.10.58

v0.10.59

v0.10.60

v0.10.61

v1.*

v1.0.100

v1.0.101

v1.0.102

v1.0.103

v1.0.104

v1.0.105

v1.0.106

v1.0.107

v1.0.108

v1.0.109

v1.0.110

v1.0.111

v1.0.112

v1.0.113

v1.0.114

v1.0.115

v1.0.116

v1.0.117

v1.0.118

v1.0.119

v1.0.120

v1.0.123

v1.0.125

v1.0.126

v1.0.127

v1.0.128

v1.0.129

v1.0.130

v1.0.131

v1.0.132

v1.0.133

v1.0.134

v1.0.135

v1.0.136

v1.0.137

v1.0.138

v1.0.139

v1.0.140

v1.0.142

v1.0.143

v1.0.149

v1.0.150

v1.0.151

v1.0.152

v1.0.153

v1.0.154

v1.0.155

v1.0.156

v1.0.157

v1.0.158

v1.0.159

v1.0.160

v1.0.161

v1.0.162

v1.0.163

v1.0.164

v1.0.165

v1.0.166

v1.0.167

v1.0.168

v1.0.169

v1.0.170

v1.0.171

v1.0.172

v1.0.174

v1.0.175

v1.0.176

v1.0.177

v1.0.178

v1.0.179

v1.0.182

v1.0.183

v1.0.184

v1.0.185

v1.0.186

v1.0.187

v1.0.188

v1.0.189

v1.0.190

v1.0.191

v1.0.192

v1.0.193

v1.0.194

v1.0.195

v1.0.196

v1.0.197

v1.0.198

v1.0.199

v1.0.200

v1.0.206

v1.0.207

v1.0.208

v1.0.209

v1.0.210

v1.0.211

v1.0.212

v1.0.213

v1.0.214

v1.0.234

v1.0.235

v1.0.238

v1.0.239

v1.0.242

v1.0.243

v1.0.62

v1.0.63

v1.0.64

v1.0.66

v1.0.67

v1.0.68

v1.0.69

v1.0.70

v1.0.81

v1.0.82

v1.0.83

v1.0.84

v1.0.85

v1.0.86

v1.0.87

v1.0.88

v1.0.89

v1.0.90

v1.0.91

v1.0.92

v1.0.93

v1.0.94

v1.0.95

v1.0.96

v1.0.97

v1.0.98

v1.0.99

v1.1.1

v1.1.2

v1.1.244

v1.1.3

v1.2.3

v1.2.4

v1.2.5

v1.2.6

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-28249.json"