An XSS issue in Joplin desktop allows arbitrary code execution via a malicious HTML embed tag.
References
- https://nvd.nist.gov/vuln/detail/CVE-2020-15930
- https://github.com/laurent22/joplin/issues/3552
- https://github.com/laurent22/joplin/releases/tag/v1.1.4
- http://packetstormsecurity.com/files/159316/Joplin-1.0.245-Cross-Site-Scripting-Code-Execution.html
- https://github.com/laurent22/joplin/commit/57d750bc9aeb0f98d53ed4b924458b54984c15ff
- https://github.com/advisories/GHSA-cgc7-mwp4-3ccx