Joplin up to and including 1.0.184 allows Arbitrary File Read via XSS.
joplin project joplin
Disclosure report of CVE-2020-9038
CVE-2020-9038 Disclosure report of CVE-2020-9038 More info: githubcom/laurent22/joplin/commit/3db47b575b9cb0a765da3d283ba nvdnistgov/vuln/detail/CVE-2020-9038 cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2020-9038