Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows attackers to execute arbitrary code by uploading Markdown files.
[
{
"cpes": [
"cpe:2.3:a:typora:typora:*:*:*:*:*:*:*:*"
],
"vendor": "typora",
"product": "typora",
"versions": [
{
"status": "affected",
"version": "*"
}
],
"defaultStatus": "unknown"
}
]