PT-2021-10234 · Typora · Typora
U2400
·
Published
2021-08-19
·
Updated
2021-08-23
·
CVE-2020-18748
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Typora version 0.9.65
Description:
The issue is related to Cross Site Scripting (XSS) that allows attackers to execute arbitrary code via mathjax syntax. This is due to a mathjax configuration error in the mathematical formula blocks.
Recommendations:
For version 0.9.65, consider disabling the mathjax syntax in mathematical formula blocks as a temporary workaround until a patch is available. Restrict access to mathematical formula blocks to minimize the risk of exploitation.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Typora