PT-2021-10419 · Boostnote · Boostnote
Published
2021-05-18
·
Updated
2021-05-24
·
CVE-2020-19924
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Boostnote version 0.12.1
Description:
The issue allows for XSS attacks when exporting to PDF.
Recommendations:
For version 0.12.1, avoid exporting notes to PDF until a patch is available. As a temporary workaround, consider disabling the export to PDF feature to minimize the risk of exploitation.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Boostnote