The vulnerability stems from unescaped user input in the markdown renderer's code block handling. The commit diff shows:

- `${lang}` directly in HTML attributes
- `data-joplin-language` attribute containing SVG payload

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| joplin | npm | < 2.9.17 | 2.9.17 |
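
The unescaped-attribute pattern described above, as an added example (not Joplin's code and not the commit's diff). The function names and the sample language string are constructed for illustration; the string carries only an inert marker attribute, and only the `data-joplin-language` attribute name comes from the page.

```javascript
// Added illustration. renderFenceUnsafe / renderFenceSafe are hypothetical
// names, not functions from Joplin's renderer.

// Escape the characters that matter in HTML text and in quoted attributes.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// "Before" pattern: the fence's language string is interpolated as-is.
function renderFenceUnsafe(lang, code) {
  return `<pre data-joplin-language="${lang}">${escapeHtml(code)}</pre>`;
}

// Hardened pattern: the language string is escaped for the attribute context.
function renderFenceSafe(lang, code) {
  return `<pre data-joplin-language="${escapeHtml(lang)}">${escapeHtml(code)}</pre>`;
}

// Minimal scanner over the opening tag's double-quoted attributes, used to
// check how many attributes an HTML parser would see.
function openingTagAttributes(html) {
  const tag = html.slice(0, html.indexOf('>') + 1);
  const attrs = {};
  const re = /([^\s"'<>\/=]+)\s*=\s*"([^"]*)"/g;
  let m;
  while ((m = re.exec(tag)) !== null) attrs[m[1]] = m[2];
  return attrs;
}

// Constructed input: a language string with a double quote that closes the
// attribute early, followed by an inert marker attribute.
const sampleLang = 'js" data-injected="1';

// Unsafe rendering: the marker becomes a second, attacker-chosen attribute.
console.log(Object.keys(openingTagAttributes(renderFenceUnsafe(sampleLang, 'x'))));
// Safe rendering: one attribute, with the quote carried as &quot; in its value.
console.log(Object.keys(openingTagAttributes(renderFenceSafe(sampleLang, 'x'))));
```

A regression test for this class of bug can assert on the parsed attribute set of the rendered element rather than on string equality, so it fails whenever a language string adds attributes or elements.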