Cross Site Scripting in Typora by Typora.io
CVE-2020-18748

6.1MEDIUM

Key Information:

Vendor

Typora

Status
Typora
Vendor
CVE Published:
19 August 2021

What is CVE-2020-18748?

A cross site scripting vulnerability has been identified in Typora version 0.9.65, which arises from a misconfiguration of mathjax syntax within mathematical formula blocks. This flaw enables attackers to execute arbitrary code, potentially compromising user security. Users of Typora are advised to be cautious when utilizing mathjax features and to apply any necessary updates or mitigations to protect against this security issue.

References

https://github.com/typora
x_refsource_MISC
https://github.com/typora/typora-issues/issues/2226
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.