Vulnerability DatabaseCVE-2024-55630
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-55630
February 07, 2025
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Joplin's HTML sanitizer allows the "name" attribute to be specified. If "name" is set to the same value as an existing "document" property (e.g. "querySelector"), that property is replaced with the element. This vulnerability's only known impact is denial of service. The note viewer fails to refresh until closed and re-opened with a different note. This issue has been addressed in version 3.2.8 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Related ResourcesĀ (3)
https://en.wikipedia.org/wiki/DOM_clobbering
https://github.com/laurent22/joplin/commit/e70efcbd60ce62f06e77c183b362c74e636c02d9
https://github.com/laurent22/joplin/security/advisories/GHSA-5cch-jr52-qffh
Do you need more information?
Contact Us
CVSS v4
Base Score:
4.8
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
3.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
LOW
Weakness Type (CWE)
Improper Input Validation
CWE-20
EPSS
Base Score:
0.04