Laurent Cozic

11 exploits, active since Jun 2018
CVE-2025-57798 (MEDIUM)
Joplin has Denial of Service (DoS) via Uncontrolled Resource Allocation through Title Input
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.6.14 and prior contain a Denial of Service (DoS) vulnerability in the title input functionality due to a lack of proper length validation. An attacker can cause an Out Of Memory (OOM) error and subsequent program termination by inserting an excessively long string into a note's title. The issue can be triggered either through direct user interface (UI) input or programmatically via the local web service API after compromising an authentication token.

There are two primary methods of exploitation.

User Interface (UI) input: a local user can directly type or paste an extremely long string into the title field when creating or editing a note.

Local web service API: Joplin runs a local web service (typically on port 41184) that allows programmatic interaction, such as creating or editing notes via HTTP API calls. If an attacker manages to exfiltrate or compromise the user's authentication token (e.g., through malware on the local system, or other local vulnerabilities), they can send a crafted HTTP POST request to this local API. By including an excessively long string in the title parameter of that request, the attacker makes the application attempt an unbounded memory allocation.

This issue has been patched in version 3.7.1.
CVSS 5.5
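The advisory above describes the input (an oversized title arriving over the local HTTP API) but not the fix. As an added example, not Joplin's code, the block below shows the two layers of size validation a local note-creation endpoint needs: the raw request is bounded from the Content-Length header before the body is buffered, and the title and body fields are bounded again after parsing, because a body that fits under the request cap can still carry a multi-megabyte title. The `POST /notes` shape with `title` and `body` JSON fields, the numeric limits, the handler names and the sample payloads are assumptions and constructions of this example.

```javascript
// Added example (not Joplin's code): two-layer size validation for a local
// note-creation endpoint, modelled on a "POST /notes" request whose JSON body
// carries "title" and "body". The limits are assumed values, not Joplin's.
const LIMITS = {
  titleChars: 1024,               // max title length in UTF-16 code units (assumed)
  bodyBytes: 4 * 1024 * 1024,     // max note body size in bytes (assumed)
  requestBytes: 5 * 1024 * 1024,  // max raw request size, checked before buffering (assumed)
};

// Layer 1: decide from the headers alone whether the body is worth reading.
// A real server must also stop reading once this many bytes have arrived,
// since Content-Length is attacker-controlled.
function checkContentLength(headers) {
  const raw = headers["content-length"];
  if (raw === undefined) return { ok: false, status: 411, error: "Length Required" };
  const length = Number(raw);
  if (!Number.isInteger(length) || length < 0) {
    return { ok: false, status: 400, error: "malformed Content-Length" };
  }
  if (length > LIMITS.requestBytes) {
    return { ok: false, status: 413, error: "Payload Too Large" };
  }
  return { ok: true, length };
}

// Layer 2: validate the parsed fields before any note object is constructed.
function validateNotePayload(json) {
  if (typeof json !== "object" || json === null || Array.isArray(json)) {
    return { ok: false, status: 400, error: "JSON object expected" };
  }
  const title = json.title ?? "";
  const body = json.body ?? "";
  if (typeof title !== "string" || typeof body !== "string") {
    return { ok: false, status: 400, error: "title and body must be strings" };
  }
  if (title.length > LIMITS.titleChars) {
    return { ok: false, status: 413, error: `title exceeds ${LIMITS.titleChars} characters` };
  }
  if (Buffer.byteLength(body, "utf8") > LIMITS.bodyBytes) {
    return { ok: false, status: 413, error: `body exceeds ${LIMITS.bodyBytes} bytes` };
  }
  return { ok: true, note: { title, body } };
}

// Full path of one request: header check, parse, field check.
function handleCreateNote(headers, bodyText) {
  const lengthCheck = checkContentLength(headers);
  if (!lengthCheck.ok) return lengthCheck;
  let json;
  try {
    json = JSON.parse(bodyText);
  } catch {
    return { ok: false, status: 400, error: "invalid JSON" };
  }
  return validateNotePayload(json);
}

// Constructed sample payloads: a normal note, and one whose 2 MB title fits
// under the request cap but not under the title cap.
const NORMAL_PAYLOAD = JSON.stringify({ title: "Groceries", body: "- milk\n- eggs" });
const OVERSIZED_TITLE_PAYLOAD = JSON.stringify({ title: "A".repeat(2 * 1024 * 1024), body: "" });

function headersFor(payload) {
  return { "content-length": String(Buffer.byteLength(payload, "utf8")) };
}

console.log(handleCreateNote(headersFor(NORMAL_PAYLOAD), NORMAL_PAYLOAD).ok);                        // true
console.log(handleCreateNote(headersFor(OVERSIZED_TITLE_PAYLOAD), OVERSIZED_TITLE_PAYLOAD).status); // 413
console.log(handleCreateNote({ "content-length": "60000000" }, "").status);                          // 413, before parsing
```

The field-level check is the one that matters for the bug class above: the request cap alone would admit the 2 MB title, and a UI path bypasses the HTTP layer entirely, so the title limit belongs wherever a note object is built, not only in the web service.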
CVE-2020-9038 (MEDIUM)
Joplin <= 1.0.184 - Stored Cross-Site Scripting and Arbitrary File Read
Joplin through 1.0.184 allows arbitrary file read via XSS.
CVSS 5.4
CVE-2018-1000534 (MEDIUM)
Joplin < 1.0.90 - Stored Cross-Site Scripting in Note Content Field
Joplin versions prior to 1.0.90 contain a cross-site scripting (XSS) vulnerability in the note content field that escalates to code execution, because nodeIntegration was enabled for the particular BrowserWindow instance in which the XSS was identified; injected script therefore runs with the rights of the application itself. The attack appears to be exploitable when the victim synchronizes notes containing malicious code from cloud services or other note-keeping services. The vulnerability appears to have been fixed in 1.0.90 and later; information on the fix can be found at https://github.com/laurent22/joplin/commit/494e235e18659574f836f84fcf9f4d4fcdcfcf89.
CVSS 6.1
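The advisory above names the condition that turned this XSS into code execution: nodeIntegration was enabled for the BrowserWindow that rendered note content. As an added example, not Joplin's code, the block below puts that webPreferences shape beside a hardened one and adds a small audit that flags the settings which let injected page script leave the renderer. The era defaults it models (nodeIntegration true and contextIsolation false before Electron 5; nodeIntegration false and contextIsolation true since Electron 12; renderer sandbox on since Electron 20 unless nodeIntegration is set) are as I recall them from Electron's breaking-changes notes and should be checked against the Electron version in use; the preload path and the wording of the findings are this example's own.

```javascript
// Added example (not Joplin's code): the Electron webPreferences condition the
// advisory describes (nodeIntegration enabled for a window that renders
// untrusted note content) beside a hardened configuration, plus an audit that
// flags the settings turning a renderer XSS into code execution.

// Weak: page scripts in this window get require(), process and the rest of Node.
const VULNERABLE_PREFS = {
  nodeIntegration: true,
  contextIsolation: false,
};

// Hardened: no Node in the renderer, isolated preload world, OS sandbox.
// Anything the page needs from the main process goes through a narrow
// contextBridge API in the preload script (path assumed).
const HARDENED_PREFS = {
  nodeIntegration: false,
  contextIsolation: true,
  sandbox: true,
  webSecurity: true,
  preload: "preload.js",
};

// Resolve the effective value of each option, taking unset options to the
// default of the chosen Electron era: "legacy" is pre-Electron-5 (the 2018
// situation), otherwise Electron 20+. Report every setting that lets injected
// page script escape the renderer.
function auditWebPreferences(prefs, { legacyDefaults = false } = {}) {
  const nodeIntegration = prefs.nodeIntegration ?? legacyDefaults;
  const effective = {
    nodeIntegration,
    contextIsolation: prefs.contextIsolation ?? !legacyDefaults,
    // Electron 20+ sandboxes renderers by default, but not when nodeIntegration is on.
    sandbox: prefs.sandbox ?? (!legacyDefaults && !nodeIntegration),
    webSecurity: prefs.webSecurity ?? true,
    enableRemoteModule: prefs.enableRemoteModule ?? false,
  };
  const findings = [];
  if (effective.nodeIntegration) {
    findings.push("nodeIntegration: an XSS in this window can call require() and run arbitrary Node.js code");
  }
  if (!effective.contextIsolation) {
    findings.push("contextIsolation off: page scripts share a JS world with the preload script");
  }
  if (!effective.sandbox) {
    findings.push("sandbox off: the renderer process is not OS-sandboxed");
  }
  if (!effective.webSecurity) {
    findings.push("webSecurity off: same-origin policy is disabled in this window");
  }
  if (effective.enableRemoteModule) {
    findings.push("enableRemoteModule: page scripts can reach main-process objects");
  }
  return findings;
}

console.log(auditWebPreferences(VULNERABLE_PREFS, { legacyDefaults: true })); // 3 findings
console.log(auditWebPreferences({}, { legacyDefaults: true }));               // 3 findings: the old defaults alone were unsafe
console.log(auditWebPreferences(HARDENED_PREFS));                              // []
```

The second call is the point for a 2018-era app: an empty webPreferences object was already the vulnerable configuration, so the fix is an explicit opt-out, not just the absence of an opt-in.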
CVE-2021-23431 (MEDIUM)
Joplin < 2.3.2 - Cross-Site Request Forgery
The package joplin before 2.3.2 is vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms.
CVSS 5.4
CVE-2021-33295 (MEDIUM)
Joplin < 1.8.5 - Stored Cross-Site Scripting via Improper HTML Sanitization
A Cross Site Scripting (XSS) vulnerability in the Joplin Desktop App before 1.8.5 allows attackers to execute arbitrary code due to improper sanitization of HTML.
CVSS 5.4
CVE-2021-37916 (MEDIUM)
Joplin < 2.0.9 - Stored Cross-Site Scripting via Note Body Buttons and Forms
Joplin before 2.0.9 allows XSS via button and form elements in the note body.
CVSS 6.1
CVE-2022-45598 (MEDIUM)
Joplin < 2.9.17 - Cross-Site Scripting via Improper Sanitization
A Cross Site Scripting vulnerability in the Joplin Desktop App before v2.9.17 allows an attacker to execute arbitrary code via improper sanitization.
CVSS 6.1
CVE-2023-37298 (MEDIUM)
Joplin < 2.11.5 - Cross-Site Scripting via SVG USE Element
Joplin before 2.11.5 allows XSS via a USE element in an SVG document.
CVSS 6.1
CVE-2023-37299 (MEDIUM)
Joplin < 2.11.5 - Cross-Site Scripting via Image Map AREA Element
Joplin before 2.11.5 allows XSS via an AREA element of an image map.
CVSS 6.1
CVE-2025-24028 (HIGH)
Joplin < 3.2.12 - Stored Cross-Site Scripting via HTML Comment Handling
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by differences between how Joplin's HTML sanitizer handles comments and how the browser handles comments. It affects both the Rich Text Editor and the Markdown viewer; however, unlike the Rich Text Editor, the Markdown viewer is `cross-origin isolated`, which prevents injected JavaScript from directly accessing functions and variables in the top-level Joplin `window`. The issue is not present in Joplin 3.1.24 and may have been introduced in `9b50539`. It is an XSS vulnerability that impacts users who open untrusted notes in the Rich Text Editor. The vulnerability has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds.
CVSS 7.8
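The advisory above attributes the bug to a mismatch between where the sanitizer thinks an HTML comment ends and where the browser does. As an added example, not Joplin's sanitizer and not a reproduction of the specific Joplin bug, the block below shows one well-known instance of that class: a regex-based comment stripper beside a scanner that follows the WHATWG tokenizer's comment states, both run on a constructed payload. The regex treats `<!--><img ...>-->` as a single comment, so an allow-list filter built on it never inspects the `img`; the browser closes the comment at `<!-->` and renders the element with its handler. The function names and payload are this example's own.

```javascript
// Added example (not Joplin's code): comment handling in a naive sanitizer
// versus the HTML tokenizer. Only comments that start in text content are
// modelled; attribute values and raw-text elements are out of scope here.

// Naive: everything from "<!--" to the next "-->" is one comment.
function naiveStripComments(html) {
  return html.replace(/<!--[\s\S]*?-->/g, "");
}

// Given the index just after "<!--", return the index just past the end of the
// comment as the WHATWG tokenizer delimits it. Covers the abrupt empty comments
// "<!-->" and "<!--->", the "--!>" close, and EOF inside a comment.
function specCommentEnd(html, i) {
  const n = html.length;
  let state = "start";
  while (i < n) {
    const c = html[i++];
    switch (state) {
      case "start":      // comment start state
        if (c === "-") state = "startDash";
        else if (c === ">") return i;          // "<!-->": abrupt close of an empty comment
        else state = "comment";
        break;
      case "startDash":  // comment start dash state
        if (c === "-") state = "end";
        else if (c === ">") return i;          // "<!--->": abrupt close of an empty comment
        else state = "comment";
        break;
      case "comment":    // comment state
        if (c === "-") state = "endDash";
        break;
      case "endDash":    // comment end dash state
        state = c === "-" ? "end" : "comment";
        break;
      case "end":        // comment end state
        if (c === ">") return i;               // "-->": normal close
        else if (c === "!") state = "endBang";
        else if (c !== "-") state = "comment"; // a further "-" stays in this state
        break;
      case "endBang":    // comment end bang state
        if (c === "-") state = "endDash";
        else if (c === ">") return i;          // "--!>": incorrectly closed, but closed
        else state = "comment";
        break;
    }
  }
  return n; // EOF inside a comment: the remainder of the document is comment
}

// Strip comments the way the browser delimits them.
function specStripComments(html) {
  let out = "";
  let i = 0;
  while (i < html.length) {
    const start = html.indexOf("<!--", i);
    if (start === -1) {
      out += html.slice(i);
      break;
    }
    out += html.slice(i, start);
    i = specCommentEnd(html, start + 4);
  }
  return out;
}

// Report what each side believes remains after comment removal.
function compareCommentHandling(html) {
  const naive = naiveStripComments(html);
  const spec = specStripComments(html);
  return { naive, spec, differs: naive !== spec };
}

// Constructed payload: the regex sees one comment and strips everything;
// the browser sees an empty comment followed by a live <img> with a handler.
const PAYLOAD = "<!--><img src=x onerror=alert(1)>-->";

console.log(compareCommentHandling(PAYLOAD));
// { naive: '', spec: '<img src=x onerror=alert(1)>-->', differs: true }
console.log(compareCommentHandling("<!-- note --><p>ok</p>"));
// { naive: '<p>ok</p>', spec: '<p>ok</p>', differs: false }
```

The practical lesson is the one the advisory implies: a sanitizer must tokenize the way the consuming browser does, or re-serialize from a parsed DOM so that what the filter inspected is exactly what gets rendered; any hand-written shortcut over the comment grammar is a candidate for this differential.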
CVE-2025-27134 (HIGH)
Joplin Server < 3.3.3 - Privilege Escalation via PATCH /api/users/:id
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior to version 3.3.3, a privilege escalation vulnerability exists in the Joplin server, allowing non-admin users to exploit the API endpoint `PATCH /api/users/:id` to set the `is_admin` field to 1. The vulnerability allows malicious low-privileged users to perform administrative actions without proper authorization. This issue has been patched in version 3.3.3.
CVSS 8.8
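The advisory above describes a mass-assignment flaw: a non-admin caller of `PATCH /api/users/:id` could include `is_admin: 1` in the body and have it written. As an added example, not Joplin Server's code, the block below models that handler in the form the advisory describes (every body field copied onto the record) beside a version that allow-lists writable fields per caller role and rejects anything else. The user store, the records, the field names other than `is_admin`, and the assumption that the original check permitted users to edit their own record are constructions of this example.

```javascript
// Added example (not Joplin Server's code): a PATCH /api/users/:id handler in
// the mass-assignment form the advisory describes, beside a version that
// allow-lists writable fields per caller role. Store and records are constructed.

function makeStore() {
  return new Map([
    [1, { id: 1, email: "admin@example.test", full_name: "Admin", is_admin: 1 }],
    [2, { id: 2, email: "mallory@example.test", full_name: "Mallory", is_admin: 0 }],
  ]);
}

// Vulnerable: the authorisation check only asks "may this caller touch this
// record?" and then copies the whole body, so a non-admin editing their own
// profile can include is_admin: 1 (self-edit being permitted is assumed).
function patchUserUnchecked(store, callerId, targetId, patch) {
  const caller = store.get(callerId);
  const target = store.get(targetId);
  if (!caller || !target) return { status: 404 };
  if (!caller.is_admin && caller.id !== targetId) return { status: 403 };
  Object.assign(target, patch); // is_admin rides along with the profile fields
  return { status: 200, user: target };
}

// Hardened: what may be written depends on who is writing. Unknown or
// privileged keys are rejected outright rather than silently dropped, so the
// attempt shows up in logs. The allow-list also keeps keys such as
// "__proto__" away from Object.assign.
const SELF_EDITABLE = new Set(["email", "full_name", "password"]);
const ADMIN_EDITABLE = new Set([...SELF_EDITABLE, "is_admin", "enabled"]);

function patchUserChecked(store, callerId, targetId, patch) {
  // The caller's role comes from the server-side record behind the session,
  // never from anything in the request body.
  const caller = store.get(callerId);
  if (!caller) return { status: 401 };
  const target = store.get(targetId);
  if (!target) return { status: 404 };
  const isAdmin = caller.is_admin === 1;
  if (!isAdmin && caller.id !== targetId) return { status: 403 };
  const allowed = isAdmin ? ADMIN_EDITABLE : SELF_EDITABLE;
  const rejected = Object.keys(patch).filter((key) => !allowed.has(key));
  if (rejected.length > 0) {
    return { status: 403, error: `fields not permitted for this caller: ${rejected.join(", ")}` };
  }
  Object.assign(target, patch); // only allow-listed keys reach the record
  return { status: 200, user: target };
}

// Constructed request: Mallory (non-admin, id 2) patches her own record and
// slips is_admin in beside a legitimate field.
const ESCALATION_BODY = { full_name: "Mallory", is_admin: 1 };

const before = makeStore();
console.log(patchUserUnchecked(before, 2, 2, ESCALATION_BODY).status, before.get(2).is_admin); // 200 1
const after = makeStore();
console.log(patchUserChecked(after, 2, 2, ESCALATION_BODY).status, after.get(2).is_admin);     // 403 0
```

The allow-list is keyed on the caller's role, not the target's, which is what closes the hole: the same body from an admin is accepted, and the test of "may this caller touch this record" remains necessary but is no longer sufficient.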