exploitDog

CVE-2022-40011

Опубликовано: 23 дек. 2022

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Typora through 1.3.8 allows XSS if a document containing an SVG element with an attacker-controlled onload attribute is exported and then used at a victim's origin.

Ссылки

https://gist.github.com/wangking1/61bdd1967367301a950ffbb3d10386f3
Third Party Advisory
https://typora.io/releases/all
http://typora.com
Not Applicable
http://wwwtyporaio.com
Broken Link
https://gist.github.com/wangking1/61bdd1967367301a950ffbb3d10386f3
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:typora:typora:*:*:*:*:*:*:*:*

Версия до 1.38 (включая)

EPSS

Процентиль: 52%

0.00296

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-q28p-82xj-hwh7

CVSS3: 6.1

github

около 3 лет назад

Cross Site Scripting (XSS) vulnerability in typora through 1.38 allows remote attackers to run arbitrary code via export from editor.

EPSS

Процентиль: 52%

0.00296

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79