Miggo Logo
Miggo Vulnerability Database
CVE-2020-9038

CVE-2020-9038: Cross-site Scripting in Joplin

5.4

CVSS Score
3.1

Basic Information

CVE ID
CVE-2020-9038
GHSA ID
GHSA-6r7x-hc8m-985r
EPSS Score
0.77801%
CWE
CWE-79
Published
10/13/2020
Updated
2/1/2023
KEV Status
No
Technology
TechnologyJavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
joplinnpm< 1.2.11.2.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stemmed from insufficient HTML sanitization in rendering pipelines. Key evidence includes: 1) The commit adds a new sanitize_html rule to MdToHtml that removes JS event handlers 2) Added test cases demonstrate removal of onerror attributes from img tags 3) htmlUtils.js was modified to add sanitizeHtml() method using node-html-parser 4) The XSS vulnerability allowed file read through script execution, implying rendering functions processed untrusted HTML/Markdown without proper sanitization. The pre-patch versions lacked these sanitization steps, making the image processing and markdown rendering functions vulnerable.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Joplin t*rou** *.*.*** *llows *r*itr*ry *il* R*** vi* *ross-sit* S*riptin* (XSS).

Reasoning

T** vuln*r**ility st*mm** *rom insu**i*i*nt *TML s*nitiz*tion in r*n**rin* pip*lin*s. K*y *vi**n** in*lu**s: *) T** *ommit ***s * n*w `s*nitiz*_*tml` rul* to `M*To*tml` t**t r*mov*s JS *v*nt **n*l*rs *) ***** t*st **s*s **monstr*t* r*mov*l o* `on*rro