Vulnerabilities > Typora

DATE	CVE	VULNERABILITY TITLE	RISK
2024-08-12	CVE-2024-41481	Cross-site Scripting vulnerability in Typora Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the Mermaid component. network low complexity typora CWE-79	6.1
2024-08-12	CVE-2024-41482	Cross-site Scripting vulnerability in Typora Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the MathJax component. network low complexity typora CWE-79	6.1
2023-10-10	CVE-2020-18336	Cross-site Scripting vulnerability in Typora 0.9.65 Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allows a remote attacker to obtain sensitive information via the PDF file exporting function. network low complexity typora CWE-79	7.4
2023-09-01	CVE-2023-39703	Cross-site Scripting vulnerability in Typora A cross site scripting (XSS) vulnerability in the Markdown Editor component of Typora v1.6.7 allows attackers to execute arbitrary code via uploading a crafted Markdown file. network low complexity typora CWE-79	6.1
2023-08-19	CVE-2023-2316	Path Traversal vulnerability in Typora Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/<absolute-path>". network low complexity typora CWE-22	7.4
2023-08-19	CVE-2023-2317	Cross-site Scripting vulnerability in Typora DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in <embed> tag. network low complexity typora CWE-79 critical	9.6
2023-08-19	CVE-2023-2971	Path Traversal vulnerability in Typora Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". network low complexity typora CWE-22	6.5
2023-06-20	CVE-2020-21058	Cross-site Scripting vulnerability in Typora 0.9.79 Cross Site Scripting vulnerability in Typora v.0.9.79 allows a remote attacker to execute arbitrary code via the mermaid sytax. network low complexity typora CWE-79	6.1
2023-03-07	CVE-2023-1003	Code Injection vulnerability in Typora A vulnerability, which was classified as critical, was found in Typora up to 1.5.5 on Windows. local low complexity typora CWE-94	7.8
2022-12-23	CVE-2022-40011	Cross-site Scripting vulnerability in Typora Cross Site Scripting (XSS) vulnerability in typora through 1.38 allows remote attackers to run arbitrary code via export from editor. network low complexity typora CWE-79	6.1

Vulnerabilities > Typora {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Typora"}]}

Vulnerabilities > Typora