ГлавнаяУязвимости → CVE-2024-33300
7.3высокая

CVE-2024-33300

Описание

Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows attackers to execute arbitrary code by uploading Markdown files.

Затрагиваемое ПО
Typora Typora
CVSS
Балл7.3 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Источники
https://github.com/whoisoo6/Stored-xss-vulnerability-exists-in-Typrahttps://github.com/whoisoo6/Stored-xss-vulnerability-exists-in-Typra