RSS   Podatności dla 'Typora'   RSS

2021-08-19
 
CVE-2020-18748

CWE-79
 

 
Cross Site Scripting (XSS) in Typora v0.9.65 allows attackers to execute arbitrary code via mathjax syntax due to a mathjax configuration error in the mathematical formula blocks. This is a different vulnerability from CVE-2020-18221.

 
2021-05-26
 
CVE-2020-18221

CWE-79
 

 
Cross Site Scripting (XSS) in Typora v0.9.65 and earlier allows remote attackers to execute arbitrary code by injecting commands during block rendering of a mathematical formula.

 
2021-02-05
 
CVE-2020-18737

CWE-79
 

 
An issue was discovered in Typora 0.9.67. There is an XSS vulnerability that causes Remote Code Execution.

 
2019-05-17
 
CVE-2019-12172

CWE-20
 

 
Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.

 
2019-05-16
 
CVE-2019-12137

CWE-22
 

 
Typora 0.9.9.24.6 on macOS allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note.

 
2019-01-31
 
CVE-2019-7296

CWE-79
 

 
typora through 0.9.64 has XSS, with resultant remote command execution, during inline rendering of a mathematical formula.

 
 
CVE-2019-7295

CWE-79
 

 
typora through 0.9.63 has XSS, with resultant remote command execution, during block rendering of a mathematical formula.

 
2019-01-25
 
CVE-2019-6803

CWE-79
 

 
typora through 0.9.9.20.3 beta has XSS, with resultant remote command execution, via the left outline bar.

 


Copyright 2024, cxsecurity.com

 

Back to Top