CVE-2024-33300

2024-05-0119:15:26

[email protected]

web.nvd.nist.gov

typora

markdown editor

xss vulnerability

arbitrary code execution

cve-2024-33300

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows attackers to execute arbitrary code by uploading Markdown files.

References

github.com/whoisoo6/Stored-xss-vulnerability-exists-in-Typra