Vulnerabilities > Typora > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-19 | CVE-2023-2317 | Cross-site Scripting vulnerability in Typora DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in <embed> tag. | 9.6 |
| 2020-01-09 | CVE-2019-20374 | Cross-site Scripting vulnerability in Typora A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to Remote Code Execution through Mermaid code blocks. | 9.6 |