Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
typora typora vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-2971
Improper path handling in Typora prior to 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file ...
Typora Typora
NA
CVE-2023-39703
A cross site scripting (XSS) vulnerability in the Markdown Editor component of Typora v1.6.7 allows malicious users to execute arbitrary code via uploading a crafted Markdown file.
Typora Typora
383
VMScore
CVE-2020-18737
An issue exists in Typora 0.9.67. There is an XSS vulnerability that causes Remote Code Execution.
Typora Typora 0.9.67
383
VMScore
CVE-2020-18748
Cross Site Scripting (XSS) in Typora v0.9.65 allows malicious users to execute arbitrary code via mathjax syntax due to a mathjax configuration error in the mathematical formula blocks. This is a different vulnerability from CVE-2020-18221.
Typora Typora 0.9.65
605
VMScore
CVE-2019-12137
Typora 0.9.9.24.6 on macOS allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note.
Typora Typora 0.9.9.24.6
NA
CVE-2020-18336
Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allows a remote malicious user to obtain sensitive information via the PDF file exporting function.
Typora Typora 0.9.65
605
VMScore
CVE-2019-12172
Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.
Typora Typora 0.9.9.21.1
NA
CVE-2020-21058
Cross Site Scripting vulnerability in Typora v.0.9.79 allows a remote malicious user to execute arbitrary code via the mermaid sytax.
Typora Typora 0.9.79
NA
CVE-2024-33300
Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows malicious users to execute arbitrary code by uploading Markdown files.
NA
CVE-2024-31783
Cross Site Scripting (XSS) vulnerability in Typora v.1.6.7 and before, allows a local malicious user to obtain sensitive information via a crafted script during markdown file creation.
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »