PT-2018-11820 · Boostnote · Boostnote

Published

2018-07-08

Updated

2018-08-28

CVE-2018-13433

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Boostnote version 0.11.7

Description The issue allows for XSS during the highlighting of Markdown text. This can be demonstrated by an onerror attribute of an IMG element, such as an onerror attribute, which can lead to the execution of malicious code.

Recommendations For Boostnote version 0.11.7, consider disabling the Markdown highlighting feature until a patch is available to prevent potential XSS attacks. Restrict the use of IMG elements with onerror attributes in Markdown text to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-13433

Affected Products

Boostnote

PT-2018-11820 · Boostnote · Boostnote

CVE-2018-13433

Weakness Enumeration

Related Identifiers

Affected Products

References · 3