Cross Site Scripting (XSS) vulnerability in typora up to and including 1.38 allows remote malicious users to run arbitrary code via export from editor.
typora typora