CVE-2019-12136 (boostnote)

There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, as demonstrated by a crafted SRC attribute of an IFRAME element.
Source: NIST
CVE-2019-12136 (boostnote)