{"id":"GHSA-h6c2-879r-jffh","summary":"Joplin Desktop App vulnerable to Cross-site Scripting","details":"Cross-site scripting (XSS) vulnerability in Joplin Desktop App before v2.9.17 allows an attacker to execute arbitrary code via improper sanitization. The issue is fixed in v2.9.17.","aliases":["CVE-2022-45598"],"modified":"2023-11-08T04:10:53.211506Z","published":"2023-01-31T18:30:22Z","database_specific":{"github_reviewed":true,"github_reviewed_at":"2023-02-08T21:56:36Z","cwe_ids":["CWE-79"],"nvd_published_at":"2023-01-31T16:15:00Z","severity":"MODERATE"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45598"},{"type":"WEB","url":"https://github.com/laurent22/joplin/commit/a2de167b95debad83a0f0c7925a88c0198db812e"},{"type":"PACKAGE","url":"https://github.com/laurent22/joplin"},{"type":"WEB","url":"https://github.com/laurent22/joplin/releases/tag/v2.9.17"}],"affected":[{"package":{"name":"joplin","ecosystem":"npm","purl":"pkg:npm/joplin"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"2.9.17"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-h6c2-879r-jffh/GHSA-h6c2-879r-jffh.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}