{"id":"CVE-2020-9038","details":"Joplin through 1.0.184 allows Arbitrary File Read via XSS.","aliases":["GHSA-6r7x-hc8m-985r"],"modified":"2025-11-14T11:10:37.027615Z","published":"2020-02-17T16:15:28.867Z","references":[{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/156582/Joplin-Desktop-1.0.184-Cross-Site-Scripting.html"},{"type":"FIX","url":"https://github.com/laurent22/joplin/commit/3db47b575b9cb0a765da3d283baa2c065df0d0bc"},{"type":"FIX","url":"https://github.com/laurent22/joplin/compare/clipper-1.0.19...clipper-1.0.20"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/laurent22/joplin","events":[{"introduced":"0"},{"fixed":"3db47b575b9cb0a765da3d283baa2c065df0d0bc"}]}],"versions":["0.10.0","android-v0.10.61","android-v0.10.62","android-v0.10.65","android-v0.10.66","android-v0.10.69","android-v0.10.71","android-v0.10.74","android-v0.10.75","android-v0.10.78","android-v0.10.79","android-v0.10.81","android-v0.10.83","android-v0.10.85","android-v0.10.86","android-v0.10.88","android-v0.10.89","android-v0.10.90","android-v0.10.91","android-v0.10.92","android-v1.0.100","android-v1.0.101","android-v1.0.102","android-v1.0.103","android-v1.0.104","android-v1.0.106","android-v1.0.107","android-v1.0.110","android-v1.0.112","android-v1.0.113","android-v1.0.114","android-v1.0.115","android-v1.0.116","android-v1.0.118","android-v1.0.119","android-v1.0.120","android-v1.0.122","android-v1.0.123","android-v1.0.124","android-v1.0.125","android-v1.0.127","android-v1.0.128","android-v1.0.129","android-v1.0.131","android-v1.0.132","android-v1.0.133","android-v1.0.135","android-v1.0.138","android-v1.0.140","android-v1.0.141","android-v1.0.142","android-v1.0.143","android-v1.0.148","android-v1.0.151","android-v1.0.174","android-v1.0.175","android-v1.0.176","android-v1.0.177","android-v1.0.178","android-v1.0.179","android-v1.0.181","android-v1.0.200","android-v1.0.201","android-v1.0.224","android-v1.0.225","android-v1.0.232","android-v1.0.233","android-v1.0.234","android-v1.0.235","android-v1.0.236","android-v1.0.237","android-v1.0.238","android-v1.0.239","android-v1.0.240","android-v1.0.241","android-v1.0.242","android-v1.0.243","android-v1.0.244","android-v1.0.245","android-v1.0.246","android-v1.0.248","android-v1.0.251","android-v1.0.252","android-v1.0.253","android-v1.0.254","android-v1.0.255","android-v1.0.260","android-v1.0.261","android-v1.0.269","android-v1.0.271","android-v1.0.276","android-v1.0.277","android-v1.0.279","android-v1.0.281","android-v1.0.282","android-v1.0.283","android-v1.0.284","android-v1.0.289","android-v1.0.290","android-v1.0.291","android-v1.0.292","android-v1.0.293","android-v1.0.294","android-v1.0.299","android-v1.0.303","android-v1.0.304","android-v1.0.305","android-v1.0.306","android-v1.0.307","android-v1.0.308","android-v1.0.309","android-v1.0.310","android-v1.0.311","android-v1.0.312","android-v1.0.313","android-v1.0.314","android-v1.0.315","android-v1.0.316","android-v1.0.317","android-v1.0.318","android-v1.0.94","android-v1.0.95","android-v1.0.97","android-v1.0.98","cli-v0.10.83","cli-v0.10.84","cli-v0.10.85","cli-v0.10.86","cli-v0.10.87","cli-v0.10.90","cli-v0.10.91","cli-v0.10.92","cli-v0.10.93","cli-v1.0.100","cli-v1.0.101","cli-v1.0.103","cli-v1.0.104","cli-v1.0.106","cli-v1.0.107","cli-v1.0.108","cli-v1.0.109","cli-v1.0.110","cli-v1.0.113","cli-v1.0.114","cli-v1.0.115","cli-v1.0.116","cli-v1.0.117","cli-v1.0.118","cli-v1.0.119","cli-v1.0.120","cli-v1.0.122","cli-v1.0.123","cli-v1.0.124","cli-v1.0.125","cli-v1.0.126","cli-v1.0.127","cli-v1.0.128","cli-v1.0.129","cli-v1.0.133","cli-v1.0.135","cli-v1.0.136","cli-v1.0.137","cli-v1.0.139","cli-v1.0.140","cli-v1.0.141","cli-v1.0.145","cli-v1.0.146","cli-v1.0.147","cli-v1.0.148","cli-v1.0.149","cli-v1.0.150","cli-v1.0.153","cli-v1.0.154","cli-v1.0.155","cli-v1.0.95","cli-v1.0.96","cli-v1.0.97","cli-v1.0.98","cli-v1.0.99","clipper-1.0.10","clipper-1.0.12","clipper-1.0.13","clipper-1.0.14","clipper-1.0.15","clipper-1.0.16","clipper-1.0.17","clipper-1.0.18","clipper-1.0.19","clipper-1.0.7","clipper-1.0.8","ios-v0.10.26","ios-v0.10.6","ios-v0.10.9","ios-v1.0.13","ios-v10.0.21","ios-v10.0.22","ios-v10.0.23","ios-v10.0.24","ios-v10.0.27","ios-v10.0.29","ios-v10.0.30","ios-v10.0.31","ios-v10.0.33","ios-v10.0.34","ios-v10.0.35","ios-v10.0.36","ios-v10.0.37","ios-v10.0.39","ios-v10.0.40","ios-v10.0.41","ios-v10.0.43","ios-v10.0.44","list","untagged-6ad6c38d382d9cf912e5","v0.10.0","v0.10.1","v0.10.14","v0.10.15","v0.10.16","v0.10.17","v0.10.18","v0.10.19","v0.10.2","v0.10.20","v0.10.21","v0.10.22","v0.10.23","v0.10.24","v0.10.25","v0.10.26","v0.10.27","v0.10.28","v0.10.29","v0.10.3","v0.10.30","v0.10.31","v0.10.32","v0.10.33","v0.10.34","v0.10.35","v0.10.36","v0.10.37","v0.10.38","v0.10.39","v0.10.4","v0.10.40","v0.10.41","v0.10.42","v0.10.43","v0.10.44","v0.10.45","v0.10.46","v0.10.47","v0.10.48","v0.10.49","v0.10.5","v0.10.50","v0.10.51","v0.10.52","v0.10.53","v0.10.54","v0.10.55","v0.10.56","v0.10.57","v0.10.58","v0.10.59","v0.10.59-android","v0.10.6","v0.10.60","v0.10.61","v0.10.65","v0.10.7","v0.10.8","v0.10.9","v0.10.92","v1.0.100","v1.0.101","v1.0.102","v1.0.103","v1.0.104","v1.0.105","v1.0.106","v1.0.107","v1.0.108","v1.0.109","v1.0.110","v1.0.111","v1.0.112","v1.0.113","v1.0.114","v1.0.115","v1.0.116","v1.0.117","v1.0.118","v1.0.119","v1.0.120","v1.0.123","v1.0.124","v1.0.125","v1.0.126","v1.0.127","v1.0.128","v1.0.129","v1.0.130","v1.0.131","v1.0.132","v1.0.133","v1.0.134","v1.0.135","v1.0.136","v1.0.137","v1.0.138","v1.0.139","v1.0.140","v1.0.142","v1.0.143","v1.0.144","v1.0.145","v1.0.147","v1.0.148","v1.0.149","v1.0.150","v1.0.151","v1.0.152","v1.0.153","v1.0.154","v1.0.155","v1.0.156","v1.0.157","v1.0.158","v1.0.159","v1.0.160","v1.0.161","v1.0.162","v1.0.163","v1.0.164","v1.0.165","v1.0.166","v1.0.167","v1.0.168","v1.0.169","v1.0.170","v1.0.171","v1.0.172","v1.0.173","v1.0.174","v1.0.175","v1.0.176","v1.0.177","v1.0.178","v1.0.179","v1.0.181","v1.0.182","v1.0.183","v1.0.184","v1.0.62","v1.0.63","v1.0.64","v1.0.65","v1.0.66","v1.0.67","v1.0.68","v1.0.69","v1.0.70","v1.0.71","v1.0.72","v1.0.73","v1.0.74","v1.0.75","v1.0.76","v1.0.77","v1.0.78","v1.0.79","v1.0.80","v1.0.81","v1.0.82","v1.0.83","v1.0.84","v1.0.85","v1.0.86","v1.0.87","v1.0.88","v1.0.89","v1.0.90","v1.0.91","v1.0.92","v1.0.93","v1.0.94","v1.0.95","v1.0.96","v1.0.97","v1.0.98","v1.0.99"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-9038.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}