Vulnerabilities > Typora > Typora > 0.9.9.21.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-19 | CVE-2023-2316 | Path Traversal vulnerability in Typora Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/<absolute-path>". | 7.4 |
| 2023-08-19 | CVE-2023-2317 | Cross-site Scripting vulnerability in Typora DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in <embed> tag. | 9.6 |
| 2023-08-19 | CVE-2023-2971 | Path Traversal vulnerability in Typora Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". | 6.5 |
| 2023-03-07 | CVE-2023-1003 | Code Injection vulnerability in Typora A vulnerability, which was classified as critical, was found in Typora up to 1.5.5 on Windows. | 7.8 |
| 2022-12-07 | CVE-2022-43668 | Cross-site Scripting vulnerability in Typora Typora versions prior to 1.4.4 fails to properly neutralize JavaScript code, which may result in executing JavaScript code contained in the file when opening a file with the affected product. | 6.1 |
| 2021-05-26 | CVE-2020-18221 | Cross-site Scripting vulnerability in Typora Cross Site Scripting (XSS) in Typora v0.9.65 and earlier allows remote attackers to execute arbitrary code by injecting commands during block rendering of a mathematical formula. | 4.3 |
| 2020-01-09 | CVE-2019-20374 | Cross-site Scripting vulnerability in Typora A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to Remote Code Execution through Mermaid code blocks. | 6.8 |
| 2019-05-17 | CVE-2019-12172 | Path Traversal vulnerability in Typora 0.9.9.21.1 Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. | 6.8 |
| 2019-01-31 | CVE-2019-7296 | Cross-site Scripting vulnerability in Typora typora through 0.9.64 has XSS, with resultant remote command execution, during inline rendering of a mathematical formula. | 4.3 |
| 2019-01-31 | CVE-2019-7295 | Cross-site Scripting vulnerability in Typora typora through 0.9.63 has XSS, with resultant remote command execution, during block rendering of a mathematical formula. | 4.3 |