Skip to main content

Boostnote

4 CVEs product

Monthly

CVE-2021-41392 CRITICAL POC Act Now

static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Boostnote
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2019-12184 MEDIUM POC This Month

There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Boostnote
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-12136 MEDIUM POC This Month

There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, as demonstrated by a crafted SRC attribute of an IFRAME element. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Boostnote
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-13433 MEDIUM POC This Month

Boostnote v0.11.7 allows XSS during highlighting of Markdown text, as demonstrated by an onerror attribute of an IMG element. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Boostnote
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Boostnote
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Boostnote
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, as demonstrated by a crafted SRC attribute of an IFRAME element. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Boostnote
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Boostnote v0.11.7 allows XSS during highlighting of Markdown text, as demonstrated by an onerror attribute of an IMG element. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Boostnote
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy