XSS Vulnerability in Boostnote v0.11.7: Markdown Text Highlighting Exploit

XSS Vulnerability in Boostnote v0.11.7: Markdown Text Highlighting Exploit

CVE-2018-13433 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Boostnote v0.11.7 allows XSS during highlighting of Markdown text, as demonstrated by an onerror attribute of an IMG element.

Learn more about our Web Application Penetration Testing UK.