Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
typora typora vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-2971
Improper path handling in Typora prior to 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file ...
Typora Typora
9.6
CVSSv3
CVE-2023-2317
DOM-based XSS in updater/update.html in Typora prior to 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in <embed> tag. This vulnerability c...
Typora Typora
6.1
CVSSv3
CVE-2020-18737
An issue exists in Typora 0.9.67. There is an XSS vulnerability that causes Remote Code Execution.
Typora Typora 0.9.67
6.1
CVSSv3
CVE-2020-18748
Cross Site Scripting (XSS) in Typora v0.9.65 allows malicious users to execute arbitrary code via mathjax syntax due to a mathjax configuration error in the mathematical formula blocks. This is a different vulnerability from CVE-2020-18221.
Typora Typora 0.9.65
7.8
CVSSv3
CVE-2019-12137
Typora 0.9.9.24.6 on macOS allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note.
Typora Typora 0.9.9.24.6
6.1
CVSSv3
CVE-2020-21058
Cross Site Scripting vulnerability in Typora v.0.9.79 allows a remote malicious user to execute arbitrary code via the mermaid sytax.
Typora Typora 0.9.79
7.8
CVSSv3
CVE-2019-12172
Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.
Typora Typora 0.9.9.21.1
7.4
CVSSv3
CVE-2020-18336
Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allows a remote malicious user to obtain sensitive information via the PDF file exporting function.
Typora Typora 0.9.65
NA
CVE-2024-33300
Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows malicious users to execute arbitrary code by uploading Markdown files.
NA
CVE-2024-31783
Cross Site Scripting (XSS) vulnerability in Typora v.1.6.7 and before, allows a local malicious user to obtain sensitive information via a crafted script during markdown file creation.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »