Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.17 allows malicious user to execute arbitrary code via improper santization.
joplin project joplin