VYPR
Critical severity9.6NVD Advisory· Published Jan 9, 2020· Updated Jun 17, 2026

CVE-2019-20374

CVE-2019-20374

Description

A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to Remote Code Execution through Mermaid code blocks. To exploit this vulnerability, one must open a file in Typora. The XSS vulnerability is then triggered due to improper HTML sanitization. Given that the application is based on the Electron framework, the XSS leads to remote code execution in an unsandboxed environment.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Typora/Typoradescription
  • Typora/Typorallm-fuzzy
    Range: <=0.9.9.31.2 on macOS, <=0.9.81 on Linux

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.