Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tiny tinymce vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-12648
A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and previous versions allows remote malicious users to inject arbitrary web script when configured in classic editing mode.
Tiny Tinymce
6.1
CVSSv3
CVE-2022-23494
tinymce is an open source rich text editor. A cross-site scripting (XSS) vulnerability exists in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the `image` plu...
Tiny Tinymce
6.1
CVSSv3
CVE-2024-21908
TinyMCE versions prior to 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.
Tiny Tinymce
6.1
CVSSv3
CVE-2024-21910
TinyMCE versions prior to 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.
Tiny Tinymce
6.1
CVSSv3
CVE-2024-21911
TinyMCE versions prior to 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.
Tiny Tinymce
6.1
CVSSv3
CVE-2023-45818
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability exists in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming...
Tiny Tinymce
6.1
CVSSv3
CVE-2023-45819
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability exists in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit re...
Tiny Tinymce
6.1
CVSSv3
CVE-2019-1010091
tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab.
Tiny Tinymce
6.1
CVSSv3
CVE-2023-48219
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability exists in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard...
Tiny Tinymce
6.1
CVSSv3
CVE-2020-17480
TinyMCE prior to 4.9.7 and 5.x prior to 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.
Tiny Tinymce
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »