Cross Site Scripting vulnerability in Typora v.0.9.79 allows a remote malicious user to execute arbitrary code via the mermaid sytax.
typora typora 0.9.79