Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
typora typora vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-7296
typora up to and including 0.9.64 has XSS, with resultant remote command execution, during inline rendering of a mathematical formula.
Typora Typora
6.1
CVSSv3
CVE-2020-18221
Cross Site Scripting (XSS) in Typora v0.9.65 and previous versions allows remote malicious users to execute arbitrary code by injecting commands during block rendering of a mathematical formula.
Typora Typora
6.1
CVSSv3
CVE-2020-21058
Cross Site Scripting vulnerability in Typora v.0.9.79 allows a remote malicious user to execute arbitrary code via the mermaid sytax.
Typora Typora 0.9.79
7.8
CVSSv3
CVE-2019-12172
Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.
Typora Typora 0.9.9.21.1
7.8
CVSSv3
CVE-2019-12137
Typora 0.9.9.24.6 on macOS allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note.
Typora Typora 0.9.9.24.6
7.4
CVSSv3
CVE-2020-18336
Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allows a remote malicious user to obtain sensitive information via the PDF file exporting function.
Typora Typora 0.9.65
6.1
CVSSv3
CVE-2020-18737
An issue exists in Typora 0.9.67. There is an XSS vulnerability that causes Remote Code Execution.
Typora Typora 0.9.67
6.1
CVSSv3
CVE-2020-18748
Cross Site Scripting (XSS) in Typora v0.9.65 allows malicious users to execute arbitrary code via mathjax syntax due to a mathjax configuration error in the mathematical formula blocks. This is a different vulnerability from CVE-2020-18221.
Typora Typora 0.9.65
NA
CVE-2024-33300
Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows malicious users to execute arbitrary code by uploading Markdown files.
NA
CVE-2024-31783
Cross Site Scripting (XSS) vulnerability in Typora v.1.6.7 and before, allows a local malicious user to obtain sensitive information via a crafted script during markdown file creation.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »