CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18221
https://notcve.org/view.php?id=CVE-2020-18221
26 May 2021 — Cross Site Scripting (XSS) in Typora v0.9.65 and earlier allows remote attackers to execute arbitrary code by injecting commands during block rendering of a mathematical formula. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en Typora versión v0.9.65 y anteriores, permite a atacantes remotos ejecutar código arbitrario al inyectar comandos durante el renderizado de bloques de una fórmula matemática • https://github.com/typora/typora-issues/issues/2204 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18737
https://notcve.org/view.php?id=CVE-2020-18737
05 Feb 2021 — An issue was discovered in Typora 0.9.67. There is an XSS vulnerability that causes Remote Code Execution. Se detectó un problema en Typora versión 0.9.67. Se presenta una vulnerabilidad de tipo XSS que causa una ejecución de código remota • https://github.com/typora/typora-issues/issues/2289 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.6EPSS: 1%CPEs: 4EXPL: 0CVE-2019-20374
https://notcve.org/view.php?id=CVE-2019-20374
09 Jan 2020 — A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to Remote Code Execution through Mermaid code blocks. To exploit this vulnerability, one must open a file in Typora. The XSS vulnerability is then triggered due to improper HTML sanitization. Given that the application is based on the Electron framework, the XSS leads to remote code execution in an unsandboxed environment. Un problema de mutación de tipo cross-site scripting (XSS) en Typora ve... • https://github.com/cure53/DOMPurify/commit/4e8af7b2c4a159b683d317e02c5cbddb86dc4a0e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2019-12172
https://notcve.org/view.php?id=CVE-2019-12172
17 May 2019 — Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137. Typora 0.9.9.21.1 (1913) permite la ejecución de código arbitrario a través de un archivo modificado: sintaxis de URL en el atributo HREF de un elemento AREA, como lo demuestra el archivo: \\\ en macOS o Linux, o el archivo: // C | en Windows. Esto es diferente de CVE-2... • https://github.com/typora/typora-issues/issues/2166 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3CVE-2019-12137 – Typora 0.9.9.24.6 - Directory Traversal
https://notcve.org/view.php?id=CVE-2019-12137
16 May 2019 — Typora 0.9.9.24.6 on macOS allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note. En Typora 0.9.9.24.6 en macOS permite el cruce de directorios, para la ejecución de programas arbitrarios, mediante un archivo: /// o ../ subcadena en una nota compartida. Typora version 0.9.9.24.6 suffers from a directory traversal vulnerability. • https://packetstorm.news/files/id/153082 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 1CVE-2019-7295
https://notcve.org/view.php?id=CVE-2019-7295
31 Jan 2019 — typora through 0.9.63 has XSS, with resultant remote command execution, during block rendering of a mathematical formula. typora hasta la versión 0.9.63 tiene Cross-Site Scripting (XSS), además de la ejecución remota de comandos, durante el renderizado en bloque de una fórmula matemática. • https://github.com/typora/typora-issues/issues/2129 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 1CVE-2019-7296
https://notcve.org/view.php?id=CVE-2019-7296
31 Jan 2019 — typora through 0.9.64 has XSS, with resultant remote command execution, during inline rendering of a mathematical formula. typora, hasta la versión 0.9.64, tiene Cross-Site Scripting (XSS), además de la ejecución remota de comandos, durante el renderizado inline de una fórmula matemática. • https://github.com/typora/typora-issues/issues/2131 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 94EXPL: 1CVE-2019-6803
https://notcve.org/view.php?id=CVE-2019-6803
25 Jan 2019 — typora through 0.9.9.20.3 beta has XSS, with resultant remote command execution, via the left outline bar. typora, hasta la versión beta 0.9.9.20.3, tiene Cross-Site Scripting (XSS), que desemboca en la ejecución de comandos remota en la barra "outline" izquierda. • https://github.com/typora/typora-issues/issues/2124 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •