Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Typora
(Typora)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 18 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-08-19 | CVE-2020-18748 | Cross Site Scripting (XSS) in Typora v0.9.65 allows attackers to execute arbitrary code via mathjax syntax due to a mathjax configuration error in the mathematical formula blocks. This is a different vulnerability from CVE-2020-18221. | Typora | 6.1 | ||
| 2021-05-26 | CVE-2020-18221 | Cross Site Scripting (XSS) in Typora v0.9.65 and earlier allows remote attackers to execute arbitrary code by injecting commands during block rendering of a mathematical formula. | Typora | 6.1 | ||
| 2021-02-05 | CVE-2020-18737 | An issue was discovered in Typora 0.9.67. There is an XSS vulnerability that causes Remote Code Execution. | Typora | 6.1 | ||
| 2019-05-16 | CVE-2019-12137 | Typora 0.9.9.24.6 on macOS allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note. | Typora | 7.8 | ||
| 2019-05-17 | CVE-2019-12172 | Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137. | Typora | 7.8 | ||
| 2019-01-31 | CVE-2019-7296 | typora through 0.9.64 has XSS, with resultant remote command execution, during inline rendering of a mathematical formula. | Typora | 6.1 | ||
| 2019-01-31 | CVE-2019-7295 | typora through 0.9.63 has XSS, with resultant remote command execution, during block rendering of a mathematical formula. | Typora | 6.1 | ||
| 2019-01-25 | CVE-2019-6803 | typora through 0.9.9.20.3 beta has XSS, with resultant remote command execution, via the left outline bar. | Typora | 6.1 |