Typora Typora

23 CVEs affecting Typora Typora. Latest disclosed: 2024-08-12. Critical: 1, High: 6.

Top CVEs affecting Typora Typora
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-20374 | Critical | 9.6 | 2020-01-09 | A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to Remote Code Execution through Mermaid co… |
| CVE-2023-2317 | High | 8.6 | 2023-08-19 | DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context… |
| CVE-2019-12172 | High | 7.8 | 2019-05-17 | Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\… |
| CVE-2019-12137 | High | 7.8 | 2019-05-16 | Typora 0.9.9.24.6 on macOS allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note. |
| CVE-2020-18336 | High | 7.4 | 2023-10-10 | Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allows a remote attacker to obtain sensitive information via the PDF file exporting function. |
| CVE-2023-2316 | High | 7.4 | 2023-08-19 | Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via… |
| CVE-2024-33300 | High | 7.3 | 2024-05-01 | Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows attackers to execute arbitrary code by… |
| CVE-2023-2971 | Medium | 6.3 | 2023-08-19 | Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers… |
| CVE-2024-41482 | Medium | 6.1 | 2024-08-12 | Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the MathJax component. |
| CVE-2024-41481 | Medium | 6.1 | 2024-08-12 | Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the Mermaid component. |
| CVE-2024-31784 | Medium | 6.1 | 2024-04-16 | An issue in Typora v.1.8.10 and before, allows a local attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the src com… |
| CVE-2024-31783 | Medium | 6.1 | 2024-04-16 | Cross Site Scripting (XSS) vulnerability in Typora v.1.6.7 and before, allows a local attacker to obtain sensitive information via a crafted script during mark… |
| CVE-2023-39703 | Medium | 6.1 | 2023-09-01 | A cross site scripting (XSS) vulnerability in the Markdown Editor component of Typora v1.6.7 allows attackers to execute arbitrary code via uploading a crafted… |
| CVE-2020-21058 | Medium | 6.1 | 2023-06-20 | Cross Site Scripting vulnerability in Typora v.0.9.79 allows a remote attacker to execute arbitrary code via the mermaid syntax. |
| CVE-2022-40011 | Medium | 6.1 | 2022-12-23 | Typora through 1.3.8 allows XSS if a document containing an SVG element with an attacker-controlled onload attribute is exported and then used at a victim's or… |
| CVE-2022-43668 | Medium | 6.1 | 2022-12-07 | Typora versions prior to 1.4.4 fail to properly neutralize JavaScript code, which may result in executing JavaScript code contained in the file when opening a… |
| CVE-2020-18748 | Medium | 6.1 | 2021-08-19 | Cross Site Scripting (XSS) in Typora v0.9.65 allows attackers to execute arbitrary code via mathjax syntax due to a mathjax configuration error in the mathemat… |
| CVE-2020-18221 | Medium | 6.1 | 2021-05-26 | Cross Site Scripting (XSS) in Typora v0.9.65 and earlier allows remote attackers to execute arbitrary code by injecting commands during block rendering of a ma… |
| CVE-2020-18737 | Medium | 6.1 | 2021-02-05 | An issue was discovered in Typora 0.9.67. There is an XSS vulnerability that causes Remote Code Execution. |
| CVE-2019-7296 | Medium | 6.1 | 2019-01-31 | Typora through 0.9.64 has XSS, with resultant remote command execution, during inline rendering of a mathematical formula. |