Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
boostnote boostnote vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2021-41392
static/main-preload.js in Boost Note up to and including 0.22.0 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal Electron API.
Boostnote Boostnote
4.3
CVSSv2
CVE-2018-13433
Boostnote v0.11.7 allows XSS during highlighting of Markdown text, as demonstrated by an onerror attribute of an IMG element.
Boostnote Boostnote 0.11.7
3.5
CVSSv2
CVE-2020-19924
In Boostnote 0.12.1, exporting to PDF contains opportunities for XSS attacks.
Issuehunt Boostnote 0.12.1
3.5
CVSSv2
CVE-2019-12136
There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, as demonstrated by a crafted SRC attribute of an IFRAME element.
Boostio Boostnote 0.11.15
3.5
CVSSv2
CVE-2019-12184
There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-12136.
Boostio Boostnote 0.11.15
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started