XSS Vulnerability in Typora by Typora.io
CVE-2020-18737

6.1MEDIUM

Key Information:

Vendor: Typora
Status: Typora
Vendor: CVE Published:; 5 February 2021

What is CVE-2020-18737?

An XSS vulnerability was identified in Typora version 0.9.67, which could lead to remote code execution. This issue allows an attacker to inject malicious scripts into web pages viewed by victims, potentially compromising sensitive information or system integrity. It is crucial for users to be aware of this vulnerability and to apply necessary patches to secure their application.

References

https://github.com/typora/typora-issues/issues/2289

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 5, 2021
Vulnerability Reserved
Aug 13, 2020

JSON