Lucene search

MitreCVE-2024-33300

HistoryMay 01, 2024 - 7:15 p.m.

CVE-2024-33300

2024-05-0119:15:26

CWE-79

mitre

web.nvd.nist.gov

cve-2024-33300

typora v1.0.0

typora v1.7

markdown editor

cross-site scripting

xss vulnerability

arbitrary code execution

file upload

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

6.4

Confidence

High

EPSS

Percentile

9.0%

JSON

Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows attackers to execute arbitrary code by uploading Markdown files.

References

github.com/whoisoo6/Stored-xss-vulnerability-exists-in-Typra

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

6.4

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-33300