Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tiny vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-45818
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability exists in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming...
Tiny Tinymce
NA
CVE-2023-45819
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability exists in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit re...
Tiny Tinymce
755
VMScore
CVE-2011-4906
Tiny browser in TinyMCE 3.0 editor in Joomla! prior to 1.5.13 allows file upload and arbitrary PHP code execution.
Tiny Tinybrowser
1 EDB exploit
605
VMScore
CVE-2021-23562
This affects the package plupload prior to 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.
Tiny Plupload
1000
VMScore
CVE-2011-4908
TinyBrowser plugin for Joomla! prior to 1.5.13 allows arbitrary file upload via upload.php.
Tiny Tinybrowser
2 EDB exploits
383
VMScore
CVE-2020-17480
TinyMCE prior to 4.9.7 and 5.x prior to 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.
Tiny Tinymce
383
VMScore
CVE-2020-12648
A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and previous versions allows remote malicious users to inject arbitrary web script when configured in classic editing mode.
Tiny Tinymce
NA
CVE-2024-21908
TinyMCE versions prior to 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.
Tiny Tinymce
NA
CVE-2024-21910
TinyMCE versions prior to 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.
Tiny Tinymce
NA
CVE-2024-21911
TinyMCE versions prior to 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.
Tiny Tinymce
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »