XSS Vulnerability in BoostIO Boostnote 0.11.15 via Flowchart, Sequence, Gallery, or Chart Label in MarkdownPreview.js

XSS Vulnerability in BoostIO Boostnote 0.11.15 via Flowchart, Sequence, Gallery, or Chart Label in MarkdownPreview.js

CVE-2019-12184 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-12136.

Learn more about our Web Application Penetration Testing UK.