CVE-2019-12184

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-12184

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12184.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-12184

Published

2019-05-19T19:29:00.267Z

Modified

2026-04-10T04:15:28.252419Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-12136.

References

https://gist.github.com/rebirthwyw/9836b2445abd4c1358e3d68ff2415247

Affected packages

Git / github.com/boostio/boostnote

Affected ranges

Type

GIT

Repo

https://github.com/boostio/boostnote

Events

Introduced

Last affected

78c00b17229718f95cd3204b36da4b37143c26d3

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.11.15"
        }
    ]
}

Affected versions

0.*

0.2.1

Other

prototype#1

v.*

v.0.8.11

v0.*

v0.1

v0.1.1

v0.11.11

v0.11.12

v0.11.13

v0.11.14

v0.11.15

v0.11.2

v0.11.3

v0.11.4

v0.11.6

v0.11.7

v0.11.8

v0.11.9

v0.5.0

v0.5.1

v0.5.10

v0.5.11

v0.5.12

v0.5.2

v0.5.3

v0.5.4

v0.5.5

v0.5.5-pre

v0.5.6

v0.5.7

v0.5.8

v0.5.9

v0.6.0

v0.6.1

v0.6.2

v0.7.0

v0.7.1

v0.7.2

v0.7.3

v0.7.4

v0.7.5

v0.8.1

v0.8.12

v0.8.13

v0.8.14

v0.8.15

v0.8.16

v0.8.17

v0.8.18

v0.8.19

v0.8.2

v0.8.21

v0.8.3

v0.8.4

v0.8.5

v0.8.7

v0.8.8

v0.8.9

v0.9.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12184.json"