3 matches found
CVE-2022-40011
Typora through 1.3.8 allows XSS if a document containing an SVG element with an attacker-controlled onload attribute is exported and then used at a victim's origin...
CVE-2022-40011
Typora through 1.3.8 allows XSS if a document containing an SVG element with an attacker-controlled onload attribute is exported and then used at a victim's origin...
CVE-2022-40011
CVE-2022-40011 affects Typora up to version 1.3.8. The vulnerability is an XSS where exporting a document containing an SVG element with an attacker-controlled onload attribute can be used at a victim’s origin, enabling script execution in the victim context. The available connected documents con...