Vulnerabilities > Typora
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-05 | CVE-2020-18737 | Cross-site Scripting vulnerability in Typora 0.9.67 An issue was discovered in Typora 0.9.67. | 4.3 |
| 2020-01-09 | CVE-2019-20374 | Cross-site Scripting vulnerability in Typora A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to Remote Code Execution through Mermaid code blocks. | 6.8 |
| 2019-05-17 | CVE-2019-12172 | Path Traversal vulnerability in Typora 0.9.9.21.1 Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. | 6.8 |
| 2019-05-16 | CVE-2019-12137 | Path Traversal vulnerability in Typora 0.9.9.24.6 Typora 0.9.9.24.6 on macOS allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note. | 6.8 |
| 2019-01-31 | CVE-2019-7296 | Cross-site Scripting vulnerability in Typora typora through 0.9.64 has XSS, with resultant remote command execution, during inline rendering of a mathematical formula. | 4.3 |
| 2019-01-31 | CVE-2019-7295 | Cross-site Scripting vulnerability in Typora typora through 0.9.63 has XSS, with resultant remote command execution, during block rendering of a mathematical formula. | 4.3 |
| 2019-01-25 | CVE-2019-6803 | Cross-site Scripting vulnerability in Typora typora through 0.9.9.20.3 beta has XSS, with resultant remote command execution, via the left outline bar. | 4.3 |