Tiny

Tinymce

16 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.6%
  • Veröffentlicht 19.10.2023 22:15:11
  • Zuletzt bearbeitet 21.11.2024 08:27:25

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The con...

  • EPSS 0.62%
  • Veröffentlicht 19.10.2023 22:15:10
  • Zuletzt bearbeitet 21.11.2024 08:27:25

TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated ...

  • EPSS 0.94%
  • Veröffentlicht 08.12.2022 22:15:10
  • Zuletzt bearbeitet 21.11.2024 06:48:40

tinymce is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confi...

  • EPSS 1.81%
  • Veröffentlicht 14.08.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 04:59:59

A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode.

Exploit
  • EPSS 1.25%
  • Veröffentlicht 10.08.2020 20:15:11
  • Zuletzt bearbeitet 21.11.2024 05:08:12

TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.

Exploit
  • EPSS 1.92%
  • Veröffentlicht 17.07.2019 17:15:13
  • Zuletzt bearbeitet 21.11.2024 04:17:57

tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to me...