Vulnerabilities > Typora > Typora > 1.3.8

DATE CVE VULNERABILITY TITLE RISK
2023-08-19 CVE-2023-2316 Path Traversal vulnerability in Typora
Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/<absolute-path>".
network
low complexity
typora CWE-22
7.4
7.4
2023-08-19 CVE-2023-2317 Cross-site Scripting vulnerability in Typora
DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in <embed> tag.
network
low complexity
typora CWE-79
critical
 9.6
9.6
2023-08-19 CVE-2023-2971 Path Traversal vulnerability in Typora
Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/".
network
low complexity
typora CWE-22
6.5
6.5
2023-03-07 CVE-2023-1003 Code Injection vulnerability in Typora
A vulnerability, which was classified as critical, was found in Typora up to 1.5.5 on Windows.
local
low complexity
typora CWE-94
7.8
7.8