Vulnerabilities > Typora > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-10 | CVE-2020-18336 | Cross-site Scripting vulnerability in Typora 0.9.65 Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allows a remote attacker to obtain sensitive information via the PDF file exporting function. | 7.4 |
| 2023-08-19 | CVE-2023-2316 | Path Traversal vulnerability in Typora Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/<absolute-path>". | 7.4 |
| 2023-03-07 | CVE-2023-1003 | Code Injection vulnerability in Typora A vulnerability, which was classified as critical, was found in Typora up to 1.5.5 on Windows. | 7.8 |
| 2019-05-17 | CVE-2019-12172 | Path Traversal vulnerability in Typora 0.9.9.21.1 Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. | 7.8 |
| 2019-05-16 | CVE-2019-12137 | Path Traversal vulnerability in Typora 0.9.9.24.6 Typora 0.9.9.24.6 on macOS allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note. | 7.8 |