869 matches found

RedhatCVE
added 2025/05/23 5:12 a.m. | 2 views

CVE-2023-23995

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Tim Reeves & David Stöckl TinyMCE Custom Styles plugin = 1.1.2 versions...

5.9 CVSS | 5.6 AI score | 0.00207 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 4:38 a.m. | 2 views

CVE-2023-44470

Cross-Site Request Forgery (CSRF) vulnerability in Kvvaradha Kv TinyMCE Editor Add Fonts plugin = 1.1 versions...

8.8 CVSS | 7.1 AI score | 0.00106 EPSS
Exploits: 0
RedhatCVE
added 2025/05/23 4:32 a.m. | 3 views

CVE-2023-38506

Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows pasting untrusted data into the rich text editor to execute arbitrary code. HTML pasted into the rich text editor is not sanitized or not sanitized properly. As such, the onload...

8.2 CVSS | 6.2 AI score | 0.00468 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/23 1:54 a.m. | 5 views

CVE-2023-2967

The TinyMCE Custom Styles WordPress plugin before 1.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

4.8 CVSS | 5.7 AI score | 0.00138 EPSS
Exploits: 2 | References: 1
RedhatCVE
added 2025/05/22 4:43 p.m. | 6 views

CVE-2020-5809

A stored XSS vulnerability exists in Umbraco CMS = 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, as TinyMCE is configured to allow iframes by default in Umbraco CMS...

5.4 CVSS | 5.8 AI score | 0.0042 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 4:37 p.m. | 7 views

CVE-2020-29592

An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an attacker to upload dangerous executables that bypass the file types allowed regardless of the file types allowed list in Media settings...

9.8 CVSS | 6.7 AI score | 0.01344 EPSS
Exploits: 1
RedhatCVE
added 2025/05/22 1:53 p.m. | 7 views

CVE-2014-3844

The TinyMCE Color Picker plugin before 1.2 for WordPress does not properly check permissions, which allows remote attackers to modify plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information...

5 CVSS | 7.1 AI score | 0.00194 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 10:38 a.m. | 6 views

CVE-2019-7866

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to edit Product information via the TinyMCE editor...

4.8 CVSS | 5.5 AI score | 0.00092 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 9:49 a.m. | 5 views

CVE-2011-4906

Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution...

9.8 CVSS | 7.3 AI score | 0.35877 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 3:16 a.m. | 8 views

CVE-2014-3845

Cross-site request forgery (CSRF) vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. NOTE: some of these details are obtained from third par...

6.8 CVSS | 7.5 AI score | 0.00094 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/21 9:13 p.m. | 4 views

CVE-2006-0303

Multiple unspecified vulnerabilities in the (1) publishing component, (2) Contact Component, (3) TinyMCE Compressor, and (4) other components in Joomla! 1.0.5 and earlier have unknown impact and attack vectors...

10 CVSS | 7.2 AI score | 0.0001 EPSS
Exploits: 0 | References: 1
IBM Security Bulletins
added 2025/04/25 11:29 a.m. | 5 views

Security Bulletin: Due to use of TinyMCE 6.8.2 IBM My webMethods Server is vulnerable to cross-site scripting.

Summary TinyMCE is used by IBM My webMethods Server. CVE-2024-38357, CVE-2024-38356 Vulnerability Details CVEID:CVE-2024-38357 DESCRIPTION: TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the noscript elements. A remote attacker could exploit...

6.1 CVSS | 6.2 AI score | 0.01148 EPSS
Exploits: 0 | Affected Software: 1
Tenable Nessus
added 2025/04/10 12:0 a.m. | 6 views

Moodle 4.1.x < 4.1.3 Arbitrary Folder Creation

According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.3. It is, therefore, affected by an Arbitrary Folder creation in TinyMCE. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported versi...

6.5 CVSS | 7.3 AI score | 0.26507 EPSS
Exploits: 3 | References: 3
NVD
added 2025/03/11 6:15 p.m. | 8 views

CVE-2021-37787

The unprivileged administrative interface in ABO.CMS version 5.8 through v.5.9.3 is affected by a SQL Injection vulnerability via a HTTP POST request to the TinyMCE module...

6.5 CVSS | 0.00073 EPSS
Exploits: 0 | References: 1
OSV
added 2025/03/11 6:15 p.m. | 1 views

CVE-2021-37787

The unprivileged administrative interface in ABO.CMS version 5.8 through v.5.9.3 is affected by a SQL Injection vulnerability via a HTTP POST request to the TinyMCE module...

6.5 CVSS | 5.9 AI score
Exploits: 0 | References: 1
CNNVD
added 2025/03/11 12:0 a.m. | 3 views

ABO.CMS Security Vulnerability

ABO.CMS is a content management platform from ABO.CMS, Inc. A security vulnerability exists in ABO.CMS versions 5.8 through 5.9.3, which originates from a SQL injection attack sent to the TinyMCE module via an HTTP POST request...

6.5 CVSS | 7.8 AI score | 0.00073 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2025/03/11 12:0 a.m. | 7 views

CVE-2021-37787

The unprivileged administrative interface in ABO.CMS version 5.8 through v.5.9.3 is affected by a SQL Injection vulnerability via a HTTP POST request to the TinyMCE module...

8.3 AI score | 0.00073 EPSS
Exploits: 0 | References: 1
Cvelist
added 2025/03/11 12:0 a.m. | 10 views

CVE-2021-37787

The unprivileged administrative interface in ABO.CMS version 5.8 through v.5.9.3 is affected by a SQL Injection vulnerability via a HTTP POST request to the TinyMCE module...

0.00073 EPSS
Exploits: 0 | References: 1
CVE
added 2025/03/11 12:0 a.m. | 52 views

CVE-2021-37787

CVE-2021-37787 affects ABO.CMS versions 5.8–5.9.3, due to a SQL Injection vulnerability exploitable via an HTTP POST to the TinyMCE module. The connected documents confirm the affected component (ABO.CMS, TinyMCE integration) and the vulnerability class (SQL injection) but do not provide details ...

6.5 CVSS | 8 AI score | 0.00073 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/03/04 1:18 a.m. | 2 views

WordPress Download HTML TinyMCE Button plugin <= 1.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Download HTML TinyMCE Button versions <= 1.2...

6.1 CVSS | 6.3 AI score | 0.00313 EPSS
Exploits: 1 | References: 1 | Affected Software: 1