Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Typora
(Typora)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 23 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-05-01 | CVE-2024-33300 | Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows attackers to execute arbitrary code by uploading Markdown files. | Typora | N/A | ||
| 2024-04-16 | CVE-2024-31784 | An issue in Typora v.1.8.10 and before, allows a local attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the src component. | Typora | N/A | ||
| 2024-04-16 | CVE-2024-31783 | Cross Site Scripting (XSS) vulnerability in Typora v.1.6.7 and before, allows a local attacker to obtain sensitive information via a crafted script during markdown file creation. | Typora | N/A | ||
| 2024-08-12 | CVE-2024-41481 | Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the Mermaid component. | Typora | 6.1 | ||
| 2023-06-20 | CVE-2020-21058 | Cross Site Scripting vulnerability in Typora v.0.9.79 allows a remote attacker to execute arbitrary code via the mermaid sytax. | Typora | 6.1 | ||
| 2021-02-05 | CVE-2020-18737 | An issue was discovered in Typora 0.9.67. There is an XSS vulnerability that causes Remote Code Execution. | Typora | 6.1 | ||
| 2021-05-26 | CVE-2020-18221 | Cross Site Scripting (XSS) in Typora v0.9.65 and earlier allows remote attackers to execute arbitrary code by injecting commands during block rendering of a mathematical formula. | Typora | 6.1 | ||
| 2021-08-19 | CVE-2020-18748 | Cross Site Scripting (XSS) in Typora v0.9.65 allows attackers to execute arbitrary code via mathjax syntax due to a mathjax configuration error in the mathematical formula blocks. This is a different vulnerability from CVE-2020-18221. | Typora | 6.1 | ||
| 2022-12-07 | CVE-2022-43668 | Typora versions prior to 1.4.4 fails to properly neutralize JavaScript code, which may result in executing JavaScript code contained in the file when opening a file with the affected product. | Typora | 6.1 | ||
| 2022-12-23 | CVE-2022-40011 | Cross Site Scripting (XSS) vulnerability in typora through 1.38 allows remote attackers to run arbitrary code via export from editor. | Typora | 6.1 |