3 matches found
CVE-2023-2317
DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in tag. This vulnerability can be exploited if a user opens a...
CVE-2023-2317
Vulnerability context (CVE-2023-2317) : DOM-based XSS in Typora’s updater/update.html before 1.6.7 on Windows/Linux. A crafted markdown file can execute arbitrary JavaScript in the Typora main window by loading typora://app/typemark/updater/update.html in an tag. Exploitation scenarios include o...
CVE-2023-2317 Typora DOM-Based Cross-site Scripting leading to Remote Code Execution
DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in tag. This vulnerability can be exploited if a user opens a...