CVE-2021-33295 : JOPLIN DESKTOP APP UP TO 1.8.4 CROSS SITE SCRIPTING

Description

Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute arbitrary code due to improper sanitizing of HTML.

References

https://github.com/laurent22/joplin/commit/9c20d5947d1fa4678a8b640792ff3d31224f0adf

https://github.com/laurent22/joplin/releases/tag/v1.8.5

https://the-it-wonders.blogspot.com/2021/05/joplin-app-desktop-version-vulnerable.html

For More Information

MITRE

Common Vulnerabilities and Exposures

CVE-2022-2641 : HORNER AUTOMATION RCC 972 15.40 HARD-CODED KEY

Description Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow

CVE-2022-3270 : FESTO VTEM-S1 INSUFFICIENT TECHNICAL DOCUMENTATION

Description In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead

CVE-2022-4221 : ASUS NAS-M25 UP TO 1.0.1.7 COOKIE OS COMMAND INJECTION

Description Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Asus NAS-M25 allows an