Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 09/01/2020 Updated: 08/09/2021

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 9.6 | Impact Score: 6 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

A mutation cross-site scripting (XSS) issue in Typora up to and including 0.9.9.31.2 on macOS and up to and including 0.9.81 on Linux leads to Remote Code Execution through Mermaid code blocks. To exploit this vulnerability, one must open a file in Typora. The XSS vulnerability is then triggered due to improper HTML sanitization. Given that the application is based on the Electron framework, the XSS leads to remote code execution in an unsandboxed environment.

Vulnerable Product	Search on Vulmon	Subscribe to Product
typora typora

CWE-79 https://github.com/cure53/DOMPurify/commit/4e8af7b2c4a159b683d317e02c5cbddb86dc4a0e https://github.com/typora/typora-issues/issues/3124 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-20374

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect