joplin — Vulnerabilities & Security Advisories 14

All 14 CVE vulnerabilities found in joplin, with AI-generated Chinese analysis, references, and POCs.

Vendor: n/a

CVE ID	Title	CVSS	Severity	Published
CVE-2025-27134	Privilege escalation in Joplin server via user patch endpoint CWE-284	8.8	High	2025-04-30
CVE-2025-27409	Joplin Server Vulnerable to Path Traversal CWE-22	7.5	High	2025-04-30
CVE-2025-25187	Cross-site Scripting in Goto Anything allows arbitrary code execution in Joplin CWE-79	7.8	High	2025-02-07
CVE-2025-24028	Cross-site Scripting (XSS) in Rich Text Editor allows arbitrary code execution in Joplin CWE-79	7.8	High	2025-02-07
CVE-2024-55630	DOM Clobbering leads to temporary DOS in the note viewer in Joplin CWE-20	3.3	Low	2025-02-07
CVE-2024-53268	Lack of validation on openExternal allows 1 click remote code execution in joplin CWE-94	7.3	High	2024-11-25
CVE-2024-49362	Remote Code Execution on click of <a> Link in markdown preview CWE-94	7.7	High	2024-11-14
CVE-2024-40643	Joplin has a parsing error leading to Cross-site Scripting (XSS) CWE-79	9.7	Critical	2024-09-09
CVE-2023-37898	Safe mode Cross-site Scripting (XSS) vulnerability in Joplin CWE-79	8.2	High	2024-06-21
CVE-2023-38506	Cross-site Scripting (XSS) when pasting HTML into the rich text editor in Joplin CWE-79	8.2	High	2024-06-21
CVE-2023-39517	Cross site scripting (XSS) when clicking on an untrusted `<map>` link in Joplin CWE-79	8.2	High	2024-06-21
CVE-2023-45673	Arbitrary code execution on click of PDF links in Joplin CWE-94	8.9	High	2024-06-21
CVE-2022-40277	Joplin 输入验证错误漏洞	7.8	-	2022-09-30
CVE-2021-23431	Cross-site Request Forgery (CSRF)	5.4	Medium	2021-08-24

All 14 known CVE vulnerabilities affecting joplin with full Chinese analysis, references, and POCs where available.