Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tiny tinymce vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2020-17480
TinyMCE prior to 4.9.7 and 5.x prior to 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.
Tiny Tinymce
383
VMScore
CVE-2019-1010091
tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab.
Tiny Tinymce
NA
CVE-2024-21908
TinyMCE versions prior to 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.
Tiny Tinymce
NA
CVE-2024-21910
TinyMCE versions prior to 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.
Tiny Tinymce
NA
CVE-2024-21911
TinyMCE versions prior to 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.
Tiny Tinymce
NA
CVE-2022-23494
tinymce is an open source rich text editor. A cross-site scripting (XSS) vulnerability exists in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the `image` plu...
Tiny Tinymce
NA
CVE-2023-48219
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability exists in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard...
Tiny Tinymce
NA
CVE-2023-45818
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability exists in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming...
Tiny Tinymce
NA
CVE-2023-45819
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability exists in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit re...
Tiny Tinymce
383
VMScore
CVE-2020-12648
A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and previous versions allows remote malicious users to inject arbitrary web script when configured in classic editing mode.
Tiny Tinymce
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »