Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tiny vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-45819
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability exists in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit re...
Tiny Tinymce
4.3
CVSSv2
CVE-2019-1010091
tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab.
Tiny Tinymce
4.3
CVSSv2
CVE-2020-17480
TinyMCE prior to 4.9.7 and 5.x prior to 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.
Tiny Tinymce
NA
CVE-2022-23494
tinymce is an open source rich text editor. A cross-site scripting (XSS) vulnerability exists in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the `image` plu...
Tiny Tinymce
10
CVSSv2
CVE-2011-4908
TinyBrowser plugin for Joomla! prior to 1.5.13 allows arbitrary file upload via upload.php.
Tiny Tinybrowser
2 EDB exploits
NA
CVE-2023-48219
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability exists in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard...
Tiny Tinymce
NA
CVE-2024-21908
TinyMCE versions prior to 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.
Tiny Tinymce
NA
CVE-2024-21910
TinyMCE versions prior to 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.
Tiny Tinymce
NA
CVE-2024-21911
TinyMCE versions prior to 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.
Tiny Tinymce
6.8
CVSSv2
CVE-2021-23562
This affects the package plupload prior to 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.
Tiny Plupload
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »