VYPR
Vendor

Boostio

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2018-13433MedJul 8, 2018
    risk 0.40cvss 6.1epss 0.01

    Boostnote v0.11.7 allows XSS during highlighting of Markdown text, as demonstrated by an onerror attribute of an IMG element.

  • CVE-2019-12184MedMay 19, 2019
    risk 0.35cvss 5.4epss 0.01

    There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-12136.

  • CVE-2019-12136MedMay 16, 2019
    risk 0.35cvss 5.4epss 0.01

    There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, as demonstrated by a crafted SRC attribute of an IFRAME element.