{"id":"CVE-2021-37916","details":"Joplin before 2.0.9 allows XSS via button and form in the note body.","aliases":["GHSA-mrmf-755g-w2vw"],"modified":"2026-04-10T04:36:10.481409Z","published":"2021-08-03T00:15:08.653Z","references":[{"type":"ADVISORY","url":"https://github.com/laurent22/joplin/releases/tag/v2.0.9"},{"type":"FIX","url":"https://github.com/laurent22/joplin/commit/feaecf765368f2c273bea3a9fa641ff0da7e6b26"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/laurent22/joplin","events":[{"introduced":"0"},{"fixed":"7aca380cfa2d8ce419cce4329a491c025bc071f9"},{"fixed":"feaecf765368f2c273bea3a9fa641ff0da7e6b26"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.0.9"}]}}],"versions":["android-v0.10.61","android-v0.10.62","android-v0.10.65","android-v0.10.69","android-v0.10.71","android-v0.10.83","android-v0.10.85","android-v0.10.86","android-v0.10.88","android-v0.10.89","android-v0.10.90","android-v0.10.91","android-v0.10.92","android-v1.0.100","android-v1.0.101","android-v1.0.102","android-v1.0.103","android-v1.0.115","android-v1.0.116","android-v1.0.118","android-v1.0.119","android-v1.0.120","android-v1.0.122","android-v1.0.123","android-v1.0.124","android-v1.0.125","android-v1.0.127","android-v1.0.128","android-v1.0.129","android-v1.0.131","android-v1.0.132","android-v1.0.133","android-v1.0.135","android-v1.0.138","android-v1.0.140","android-v1.0.141","android-v1.0.142","android-v1.0.148","android-v1.0.151","android-v1.0.175","android-v1.0.176","android-v1.0.177","android-v1.0.178","android-v1.0.179","android-v1.0.181","android-v1.0.200","android-v1.0.201","android-v1.0.224","android-v1.0.225","android-v1.0.232","android-v1.0.233","android-v1.0.234","android-v1.0.236","android-v1.0.237","android-v1.0.238","android-v1.0.239","android-v1.0.240","android-v1.0.241","android-v1.0.242","android-v1.0.243","android-v1.0.248","android-v1.0.251","android-v1.0.252","android-v1.0.253","android-v1.0.254","android-v1.0.255","android-v1.0.260","android-v1.0.261","android-v1.0.269","android-v1.0.271","android-v1.0.276","android-v1.0.277","android-v1.0.279","android-v1.0.281","android-v1.0.283","android-v1.0.284","android-v1.0.289","android-v1.0.290","android-v1.0.291","android-v1.0.292","android-v1.0.293","android-v1.0.294","android-v1.0.299","android-v1.0.303","android-v1.0.304","android-v1.0.305","android-v1.0.306","android-v1.0.307","android-v1.0.308","android-v1.0.309","android-v1.0.310","android-v1.0.311","android-v1.0.312","android-v1.0.313","android-v1.0.314","android-v1.0.315","android-v1.0.316","android-v1.0.317","android-v1.0.318","android-v1.0.319-rc1","android-v1.0.320","android-v1.0.321","android-v1.0.322","android-v1.0.323","android-v1.0.324","android-v1.0.325","android-v1.0.326","android-v1.0.327","android-v1.0.337","android-v1.0.339-3","android-v1.0.340","android-v1.0.94","android-v1.0.95","android-v1.0.97","android-v1.0.98","android-v1.3.10","android-v1.3.11","android-v1.3.13","android-v1.3.7","android-v1.3.9","android-v1.4.11","android-v1.5.1","android-v1.6.2","android-v1.6.3","android-v1.6.4","android-v1.6.5","android-v1.6.6","android-v1.8.1","android-v1.8.2","android-v1.8.3","android-v1.8.4","cli-v0.10.86","cli-v0.10.87","cli-v0.10.93","cli-v1.0.100","cli-v1.0.106","cli-v1.0.107","cli-v1.0.108","cli-v1.0.109","cli-v1.0.110","cli-v1.0.113","cli-v1.0.114","cli-v1.0.115","cli-v1.0.117","cli-v1.0.118","cli-v1.0.120","cli-v1.0.122","cli-v1.0.123","cli-v1.0.124","cli-v1.0.126","cli-v1.0.127","cli-v1.0.128","cli-v1.0.129","cli-v1.0.133","cli-v1.0.135","cli-v1.0.136","cli-v1.0.137","cli-v1.0.139","cli-v1.0.141","cli-v1.0.145","cli-v1.0.146","cli-v1.0.147","cli-v1.0.148","cli-v1.0.149","cli-v1.0.150","cli-v1.0.154","cli-v1.0.155","cli-v1.0.156","cli-v1.0.157","cli-v1.0.158","cli-v1.0.159","cli-v1.0.160","cli-v1.0.161","cli-v1.0.162","cli-v1.0.163","cli-v1.0.164","cli-v1.0.95","cli-v1.0.96","cli-v1.0.97","cli-v1.0.98","cli-v1.0.99","cli-v1.2.1","cli-v1.3.1","cli-v1.3.2","cli-v1.3.3","cli-v1.5.1","cli-v1.6.1","cli-v1.6.2","cli-v1.6.3","clipper-1.0.10","clipper-1.0.12","clipper-1.0.13","clipper-1.0.14","clipper-1.0.17","clipper-1.0.19","clipper-1.0.20","clipper-1.0.21","clipper-1.0.22","clipper-1.0.23","clipper-1.0.25","clipper-1.0.7","clipper-1.0.8","clipper-1.3.1","clipper-1.4.3","ios-v0.10.6","ios-v1.0.13","ios-v10.0.21","ios-v10.0.22","ios-v10.0.27","ios-v10.0.29","ios-v10.0.30","ios-v10.0.31","ios-v10.0.33","ios-v10.0.34","ios-v10.0.35","ios-v10.0.37","ios-v10.0.39","ios-v10.0.40","ios-v10.0.41","ios-v10.0.43","ios-v10.0.44","ios-v10.0.45","ios-v10.0.47","ios-v10.3.1","ios-v10.4.1","ios-v10.5.1","ios-v10.6.2","plugin-generator-v1.4.5","plugin-generator-v1.6.10","plugin-generator-v1.6.11","plugin-generator-v1.6.2","plugin-generator-v1.6.3","plugin-generator-v1.6.4","plugin-generator-v1.6.5","plugin-generator-v1.6.6","plugin-generator-v1.6.7","plugin-generator-v1.6.8","plugin-generator-v1.6.9","plugin-generator-v1.7.1","plugin-generator-v1.7.2","plugin-generator-v1.7.3","server-v1.6.4","server-v1.7.2","server-v2.0.5","server-v2.0.6","server-v2.0.8-beta","server-v2.0.9-beta","untagged-6ad6c38d382d9cf912e5","v0.10.26","v0.10.27","v0.10.28","v0.10.29","v0.10.30","v0.10.31","v0.10.32","v0.10.33","v0.10.34","v0.10.35","v0.10.36","v0.10.37","v0.10.38","v0.10.41","v0.10.42","v0.10.43","v0.10.55","v0.10.56","v0.10.57","v0.10.58","v0.10.59","v0.10.60","v0.10.61","v1.0.100","v1.0.101","v1.0.102","v1.0.103","v1.0.104","v1.0.105","v1.0.106","v1.0.107","v1.0.108","v1.0.109","v1.0.110","v1.0.111","v1.0.112","v1.0.113","v1.0.114","v1.0.115","v1.0.116","v1.0.117","v1.0.118","v1.0.119","v1.0.120","v1.0.123","v1.0.125","v1.0.126","v1.0.127","v1.0.128","v1.0.129","v1.0.130","v1.0.131","v1.0.132","v1.0.133","v1.0.134","v1.0.135","v1.0.136","v1.0.137","v1.0.138","v1.0.139","v1.0.140","v1.0.142","v1.0.143","v1.0.149","v1.0.150","v1.0.151","v1.0.152","v1.0.153","v1.0.154","v1.0.155","v1.0.156","v1.0.157","v1.0.158","v1.0.159","v1.0.160","v1.0.161","v1.0.162","v1.0.163","v1.0.164","v1.0.165","v1.0.166","v1.0.167","v1.0.168","v1.0.169","v1.0.170","v1.0.171","v1.0.172","v1.0.174","v1.0.175","v1.0.176","v1.0.177","v1.0.178","v1.0.179","v1.0.182","v1.0.183","v1.0.184","v1.0.185","v1.0.186","v1.0.187","v1.0.188","v1.0.189","v1.0.190","v1.0.191","v1.0.192","v1.0.193","v1.0.194","v1.0.195","v1.0.196","v1.0.197","v1.0.198","v1.0.199","v1.0.200","v1.0.206","v1.0.207","v1.0.208","v1.0.209","v1.0.210","v1.0.211","v1.0.212","v1.0.213","v1.0.214","v1.0.234","v1.0.235","v1.0.238","v1.0.239","v1.0.242","v1.0.243","v1.0.62","v1.0.63","v1.0.64","v1.0.66","v1.0.67","v1.0.68","v1.0.69","v1.0.70","v1.0.81","v1.0.82","v1.0.83","v1.0.84","v1.0.85","v1.0.86","v1.0.87","v1.0.88","v1.0.89","v1.0.90","v1.0.91","v1.0.92","v1.0.93","v1.0.94","v1.0.95","v1.0.96","v1.0.97","v1.0.98","v1.0.99","v1.1.1","v1.1.2","v1.1.244","v1.1.3","v1.3.1","v1.3.10","v1.3.14","v1.3.15","v1.3.2","v1.3.3","v1.3.4","v1.3.5","v1.3.7","v1.3.8","v1.3.9","v1.4.1","v1.4.11","v1.4.2","v1.4.3","v1.4.4","v1.4.5","v1.4.6","v1.4.7","v1.4.8","v1.5.1","v1.5.10","v1.5.11","v1.5.2","v1.5.3","v1.5.5","v1.5.6","v1.5.7","v1.5.8","v1.5.9","v1.6.1","v1.6.2","v1.6.4","v1.6.5","v1.6.6","v1.7.4","v1.7.5","v1.7.6","v1.8.1","v1.8.2","v1.8.3","v2.0.1","v2.0.3","v2.0.4","v2.0.5","v2.0.6","v2.0.7","v2.0.8"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-37916.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}