Typora Typora
23 CVEs affecting Typora Typora. Latest disclosed: 2024-08-12. Critical: 1, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-20374 | Critical | 9.6 | 2020-01-09 | A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to Remote Code Execution through Mermaid co… |
| CVE-2023-2317 | High | 8.6 | 2023-08-19 | DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context… |
| CVE-2019-12172 | High | 7.8 | 2019-05-17 | Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\… |
| CVE-2019-12137 | High | 7.8 | 2019-05-16 | Typora 0.9.9.24.6 on macOS allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note. |
| CVE-2020-18336 | High | 7.4 | 2023-10-10 | Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allows a remote attacker to obtain sensitive information via the PDF file exporting function. |
| CVE-2023-2316 | High | 7.4 | 2023-08-19 | Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via… |
| CVE-2024-33300 | High | 7.3 | 2024-05-01 | Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows attackers to execute arbitrary code by… |
| CVE-2023-2971 | Medium | 6.3 | 2023-08-19 | Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers… |
| CVE-2024-41482 | Medium | 6.1 | 2024-08-12 | Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the MathJax component. |
| CVE-2024-41481 | Medium | 6.1 | 2024-08-12 | Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the Mermaid component. |
| CVE-2024-31784 | Medium | 6.1 | 2024-04-16 | An issue in Typora v.1.8.10 and before, allows a local attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the src com… |
| CVE-2024-31783 | Medium | 6.1 | 2024-04-16 | Cross Site Scripting (XSS) vulnerability in Typora v.1.6.7 and before, allows a local attacker to obtain sensitive information via a crafted script during mark… |
| CVE-2023-39703 | Medium | 6.1 | 2023-09-01 | A cross site scripting (XSS) vulnerability in the Markdown Editor component of Typora v1.6.7 allows attackers to execute arbitrary code via uploading a crafted… |
| CVE-2020-21058 | Medium | 6.1 | 2023-06-20 | Cross Site Scripting vulnerability in Typora v.0.9.79 allows a remote attacker to execute arbitrary code via the mermaid syntax. |
| CVE-2022-40011 | Medium | 6.1 | 2022-12-23 | Typora through 1.3.8 allows XSS if a document containing an SVG element with an attacker-controlled onload attribute is exported and then used at a victim's or… |
| CVE-2022-43668 | Medium | 6.1 | 2022-12-07 | Typora versions prior to 1.4.4 fail to properly neutralize JavaScript code, which may result in executing JavaScript code contained in the file when opening a… |
| CVE-2020-18748 | Medium | 6.1 | 2021-08-19 | Cross Site Scripting (XSS) in Typora v0.9.65 allows attackers to execute arbitrary code via mathjax syntax due to a mathjax configuration error in the mathemat… |
| CVE-2020-18221 | Medium | 6.1 | 2021-05-26 | Cross Site Scripting (XSS) in Typora v0.9.65 and earlier allows remote attackers to execute arbitrary code by injecting commands during block rendering of a ma… |
| CVE-2020-18737 | Medium | 6.1 | 2021-02-05 | An issue was discovered in Typora 0.9.67. There is an XSS vulnerability that causes Remote Code Execution. |
| CVE-2019-7296 | Medium | 6.1 | 2019-01-31 | Typora through 0.9.64 has XSS, with resultant remote command execution, during inline rendering of a mathematical formula. |