Filtered by vendor Tiny
Subscribe
Search
Total
11 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-21908 | 1 Tiny | 1 Tinymce | 2024-01-08 | N/A | 6.1 MEDIUM |
| TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser. | |||||
| CVE-2024-21910 | 1 Tiny | 1 Tinymce | 2024-01-08 | N/A | 6.1 MEDIUM |
| TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser. | |||||
| CVE-2024-21911 | 1 Tiny | 1 Tinymce | 2024-01-08 | N/A | 6.1 MEDIUM |
| TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser. | |||||
| CVE-2023-48219 | 1 Tiny | 1 Tinymce | 2023-11-22 | N/A | 6.1 MEDIUM |
| TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text nodes contain a special character reserved as an internal marker, they can be combined with other HTML patterns to form malicious snippets. These snippets pass the initial sanitisation layer when the content is parsed into the editor body, but can trigger XSS when the special internal marker is removed from the content and re-parsed. his vulnerability has been patched in TinyMCE versions 6.7.3 and 5.10.9. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2021-23562 | 1 Tiny | 1 Plupload | 2021-12-07 | 6.8 MEDIUM | 8.8 HIGH |
| This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file. | |||||
| CVE-2020-12648 | 1 Tiny | 1 Tinymce | 2020-08-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode. | |||||
| CVE-2020-17480 | 1 Tiny | 1 Tinymce | 2020-08-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor. | |||||
| CVE-2019-1010091 | 1 Tiny | 1 Tinymce | 2020-08-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab. | |||||
| CVE-2011-4908 | 1 Tiny | 1 Tinybrowser | 2020-02-25 | 10.0 HIGH | 9.8 CRITICAL |
| TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php. | |||||
| CVE-2011-4906 | 1 Tiny | 1 Tinybrowser | 2020-02-25 | 7.5 HIGH | 9.8 CRITICAL |
| Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution. | |||||
| CVE-2019-10012 | 2 Jenzabar, Tiny | 2 Internet Campus Solution, Moxiemanager | 2019-09-20 | 6.0 MEDIUM | 7.5 HIGH |
| Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager (for .NET) plugin before 2.1.4 in the moxiemanager directory within the installation folder ICS\ICS.NET\ICSFileServer. | |||||