static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal Electron...
9.8 CVSS
9.3 AI Score
0.007 EPSS
5.4 CVSS
6.5 AI Score
0.001 EPSS
There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than...
5.4 CVSS
5.2 AI Score
0.001 EPSS
There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, as demonstrated by a crafted SRC attribute of an IFRAME...
5.4 CVSS
5.2 AI Score
0.001 EPSS
Boostnote v0.11.7 allows XSS during highlighting of Markdown text, as demonstrated by an onerror attribute of an IMG...
6.1 CVSS
6.5 AI Score
0.001 EPSS