VYPR

Typora

by Typora

CVEs (24)

  • CVE-2024-33300May 1, 2024
    risk 0.00cvss epss 0.01

    Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows attackers to execute arbitrary code by uploading Markdown files.

  • CVE-2024-31784Apr 16, 2024
    risk 0.00cvss epss 0.00

    An issue in Typora v.1.8.10 and before, allows a local attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the src component.

  • CVE-2024-31783Apr 16, 2024
    risk 0.00cvss epss 0.00

    Cross Site Scripting (XSS) vulnerability in Typora v.1.6.7 and before, allows a local attacker to obtain sensitive information via a crafted script during markdown file creation.

  • CVE-2019-20374CriJan 9, 2020
    risk 0.00cvss 9.6epss 0.02

    A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to Remote Code Execution through Mermaid code blocks. To exploit this vulnerability, one must open a file in Typora. The XSS vulnerability is then triggered due to…

Page 2 of 2