Lucene search

[email protected]CVE-2022-40011

HistoryDec 23, 2022 - 11:15 p.m.

CVE-2022-40011

2022-12-2323:15:08

CWE-79

[email protected]

web.nvd.nist.gov

528

cve-2022-40011

cross site scripting

xss

typora

vulnerability

remote code execution

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

35.0%

JSON

Cross Site Scripting (XSS) vulnerability in typora through 1.38 allows remote attackers to run arbitrary code via export from editor.

Affected configurations

NVD

Node

typoratyporaRange≤1.38

CPENameOperatorVersion
typora:typoratyporale1.38

CPE	Name	Operator	Version
typora:typora	typora	le	1.38

References

typora.com

wwwtyporaio.com

gist.github.com/wangking1/61bdd1967367301a950ffbb3d10386f3

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

35.0%

JSON

Related for CVE-2022-40011

nvd1 cvelist1 prion1