Critical severity9.6NVD Advisory· Published Jan 9, 2020· Updated Jun 17, 2026
CVE-2019-20374
CVE-2019-20374
Description
A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to Remote Code Execution through Mermaid code blocks. To exploit this vulnerability, one must open a file in Typora. The XSS vulnerability is then triggered due to improper HTML sanitization. Given that the application is based on the Electron framework, the XSS leads to remote code execution in an unsandboxed environment.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Typora/Typoradescription
Patches
Vulnerability mechanics
References
2- github.com/cure53/DOMPurify/commit/4e8af7b2c4a159b683d317e02c5cbddb86dc4a0envdPatchThird Party Advisory
- github.com/typora/typora-issues/issues/3124nvdThird Party Advisory
News mentions
0No linked articles in our index yet.