CVE-2022-40011

Published: Dec 23, 2022 Last Modified: Feb 23, 2026 EU-VD ID: EUVD-2022-43336 Aliases: GSD-2022-40011
MEDIUM 6.1
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: changed
Confidentiality: low
Integrity: low
Availability: none

Description

Typora through 1.3.8 allows XSS if a document containing an SVG element with an attacker-controlled onload attribute is exported and then used at a victim's origin.

EPSS (Exploit Prediction Scoring System)

Predicts the probability of exploitation based on threat intelligence and the characteristics of the vulnerability.

EPSS Score
0.0030
Percentile
0.5th

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Stable
Common Consequences
Security Scopes Affected:
Access Control, Confidentiality, Integrity, Availability
Potential Impacts:
Bypass Protection Mechanism, Read Application Data, Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies: AI/ML, Web Based, Web Server
Application

Typora by Typora

Version Range Affected
To 1.3.8 (inclusive)
cpe:2.3:a:typora:typora:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://gist.github.com/wangking1/61bdd1967367301a950ffbb3d10386f3
http://typora.com
http://wwwtyporaio.com
https://typora.io/releases/all