CVE-2024-41482

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Aug 12, 2024
Updated: Aug 13, 2024
CWE ID 79

Summary

CVE-2024-41482 is a newly identified cross-site scripting (XSS) vulnerability affecting Typora before version 1.9.3. This issue resides within the MathJax component of the Markdown editor, which allows malicious users to inject and execute malicious scripts in a victim's web browser during the rendering of untrusted Markdown content. Exploitation of this vulnerability could potentially lead to unauthorized access to user information or session hijacking, posing a significant threat to users who visit compromised websites or open malicious documents. To mitigate this risk, users are encouraged to upgrade to the latest version of Typora as soon as possible.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share