Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tiny vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-45819
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability exists in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit re...
Tiny Tinymce
NA
CVE-2023-48219
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability exists in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard...
Tiny Tinymce
383
VMScore
CVE-2019-1010091
tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab.
Tiny Tinymce
NA
CVE-2024-21908
TinyMCE versions prior to 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.
Tiny Tinymce
NA
CVE-2024-21910
TinyMCE versions prior to 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.
Tiny Tinymce
NA
CVE-2024-21911
TinyMCE versions prior to 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.
Tiny Tinymce
NA
CVE-2023-45818
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability exists in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming...
Tiny Tinymce
NA
CVE-2020-23066
Cross Site Scripting vulnerability in TinyMCE v.4.9.6 and before and v.5.0.0 thru v.5.1.4 allows an malicious user to execute arbitrary code via the editor function.
Tiny Tinymce
383
VMScore
CVE-2020-12648
A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and previous versions allows remote malicious users to inject arbitrary web script when configured in classic editing mode.
Tiny Tinymce
605
VMScore
CVE-2021-23562
This affects the package plupload prior to 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.
Tiny Plupload
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »