CVE-2018-13433

Name of the Vulnerable Software and Affected Versions Boostnote version 0.11.7

Description The issue allows for XSS during the highlighting of Markdown text. This can be demonstrated by an onerror attribute of an IMG element, such as an onerror attribute, which can lead to the execution of malicious code.

Recommendations For Boostnote version 0.11.7, consider disabling the Markdown highlighting feature until a patch is available to prevent potential XSS attacks. Restrict the use of IMG elements with onerror attributes in Markdown text to minimize the risk of exploitation.