Upgrade org.apache.struts:struts2-core to version 2.3.32, 2.5.10.1 or higher.

@joplin/renderer 2.0.2 vulnerabilities

Known vulnerabilities in the @joplin/renderer package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) @joplin/renderer is a renderer used by Joplin to render notes in Markdown or HTML format. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to insufficient sanitization in the `sanitizeHtml()` function. An attacker can execute shell commands by spinning up a local server that serves a page with malicious scripts and convincing a user to follow a malicious link from a note whose contents includes a `<map>` or `<area>` element pointing to the malicious site. How to fix Cross-site Scripting (XSS)? Upgrade `@joplin/renderer` to version 2.12.1 or higher.	<2.12.1
M Cross-site Scripting (XSS) @joplin/renderer is a renderer used by Joplin to render notes in Markdown or HTML format. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in `MarkupToHtml.ts`, which accepts arbitrary HTML in `<pre>` tags and renders it. An attacker can execute code included in a note by injecting it after a `</pre>` tag, and convincing a user running in safe mode to open the note. How to fix Cross-site Scripting (XSS)? Upgrade `@joplin/renderer` to version 2.12.1 or higher.	<2.12.1
M Cross-site Scripting (XSS) @joplin/renderer is a renderer used by Joplin to render notes in Markdown or HTML format. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization passed via a `USE` element in an SVG document. How to fix Cross-site Scripting (XSS)? Upgrade `@joplin/renderer` to version 2.11.1 or higher.	<2.11.1
M Cross-site Scripting (XSS) @joplin/renderer is a renderer used by Joplin to render notes in Markdown or HTML format. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization. Exploiting this vulnerability is possible via an `AREA` element of an image map. How to fix Cross-site Scripting (XSS)? Upgrade `@joplin/renderer` to version 2.11.1 or higher.	<2.11.1
M Cross-site Scripting (XSS) @joplin/renderer is a renderer used by Joplin to render notes in Markdown or HTML format. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when a specially crafted string is passed to the renderer, due to improper user-input sanitization. How to fix Cross-site Scripting (XSS)? Upgrade `@joplin/renderer` to version 2.10.1 or higher.	<2.10.1

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

@joplin/renderer is a renderer used by Joplin to render notes in Markdown or HTML format.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to insufficient sanitization in the sanitizeHtml() function. An attacker can execute shell commands by spinning up a local server that serves a page with malicious scripts and convincing a user to follow a malicious link from a note whose contents includes a <map> or <area> element pointing to the malicious site.