2022-12-23 00:00:00
mitre
PUBLISHED
Typora through 1.3.8 allows XSS if a document containing an SVG element with an attacker-controlled onload attribute is exported and then used at a victims origin.