Exploit Title: Joplin 126 Cross Site Scripting
Date: 2020-10-27
Exploit Author: Philip Holbrook (@fhlipZero)
Vendor Homepage: joplinapporg/
Software Link: githubcom/laurent22/joplin/releases/tag/v126
Version: 126
Tested on: Windows / Mac
CVE : CVE-2020-28249
References:
PENDING next release
Technical Details
An XSS issue in Joplin for de