Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
typora typora vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-33300
Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows malicious users to execute arbitrary code by uploading Markdown files.
NA
CVE-2024-31783
Cross Site Scripting (XSS) vulnerability in Typora v.1.6.7 and before, allows a local malicious user to obtain sensitive information via a crafted script during markdown file creation.
NA
CVE-2024-31784
An issue in Typora v.1.8.10 and before, allows a local malicious user to obtain sensitive information and execute arbitrary code via a crafted payload to the src component.
7.4
CVSSv3
CVE-2020-18336
Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allows a remote malicious user to obtain sensitive information via the PDF file exporting function.
Typora Typora 0.9.65
6.1
CVSSv3
CVE-2023-39703
A cross site scripting (XSS) vulnerability in the Markdown Editor component of Typora v1.6.7 allows malicious users to execute arbitrary code via uploading a crafted Markdown file.
Typora Typora
6.5
CVSSv3
CVE-2023-2971
Improper path handling in Typora prior to 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file ...
Typora Typora
7.4
CVSSv3
CVE-2023-2316
Improper path handling in Typora prior to 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/<absolute-path>". This vulnerability can be exploited if a user opens a malicious markdo...
Typora Typora
9.6
CVSSv3
CVE-2023-2317
DOM-based XSS in updater/update.html in Typora prior to 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in <embed> tag. This vulnerability c...
Typora Typora
6.1
CVSSv3
CVE-2020-21058
Cross Site Scripting vulnerability in Typora v.0.9.79 allows a remote malicious user to execute arbitrary code via the mermaid sytax.
Typora Typora 0.9.79
7.8
CVSSv3
CVE-2023-1003
A vulnerability, which was classified as critical, was found in Typora up to 1.5.5 on Windows. Affected is an unknown function of the component WSH JScript Handler. The manipulation leads to code injection. An attack has to be approached locally. The exploit has been disclosed to...
Typora Typora
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »