Tiny

Tinymce

16 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.24%
  • Veröffentlicht 28.05.2026 15:21:36
  • Zuletzt bearbeitet 28.05.2026 19:18:01

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and inject scripts that execute when content is restored. Im...

  • EPSS 0.22%
  • Veröffentlicht 28.05.2026 15:20:57
  • Zuletzt bearbeitet 28.05.2026 19:18:37

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted data-mce-* attributes, which are executed when content is rende...

  • EPSS 0.24%
  • Veröffentlicht 28.05.2026 15:20:11
  • Zuletzt bearbeitet 28.05.2026 19:19:37

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce-* attributes (data-mce-href, data-mce-src, data-mce-style). Allows attackers to inject malicious values that o...

  • EPSS 0.19%
  • Veröffentlicht 28.05.2026 15:18:22
  • Zuletzt bearbeitet 28.05.2026 19:19:03

TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization ...

  • EPSS 0.72%
  • Veröffentlicht 26.03.2024 14:15:09
  • Zuletzt bearbeitet 02.09.2025 16:17:16

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could pot...

  • EPSS 0.72%
  • Veröffentlicht 26.03.2024 14:15:08
  • Zuletzt bearbeitet 02.09.2025 16:20:29

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code. This allowed `iframe` elements containing malicious code to execute when inserted into the editor. These `ifr...

Exploit
  • EPSS 0.96%
  • Veröffentlicht 03.01.2024 16:15:09
  • Zuletzt bearbeitet 28.11.2025 16:15:51

TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's brow...

Exploit
  • EPSS 1.17%
  • Veröffentlicht 03.01.2024 16:15:09
  • Zuletzt bearbeitet 11.06.2025 17:15:40

TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.

Exploit
  • EPSS 1.07%
  • Veröffentlicht 03.01.2024 16:15:08
  • Zuletzt bearbeitet 28.11.2025 16:15:50

TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.

  • EPSS 0.72%
  • Veröffentlicht 15.11.2023 19:15:07
  • Zuletzt bearbeitet 21.11.2024 08:31:14

TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serializatio...