Packet Storm
added 2024/09/26 12:00 a.m. | 223 views

PHP ACRSS 1.0 WYSIWYG Code Injection

Title : php acrss 1.0 WYSIWYG code injection vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64...

AI score 7.4
Exploits 0
Packet Storm
added 2024/09/24 12:00 a.m. | 192 views

Lost And Found Information System 1.0 WYSIWYG Code Injection

Title : Lost and Found Information System 1.0 WYSIWYG code injection vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser :...

AI score 7.4
Exploits 0
IBM Security Bulletins
added 2024/09/19 3:46 p.m. | 8 views

Security Bulletin: IBM Maximo Application Suite uses tinymce-6.8.3.tgz which is vulnerable to CVE-2024-38357, CVE-2024-38356

Summary: IBM Maximo Application Suite uses tinymce-6.8.3.tgz which is vulnerable to CVE-2024-38357, CVE-2024-38356. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID: CVE-2024-38357 DESCRIPTION: TinyMCE is vulnerable to cross-site scripting,...

CVSS 6.1 | AI score 6 | EPSS 0.01148
Exploits 0 | Affected Software 1
OSV
added 2024/07/17 4:00 p.m. | 8 views

GHSA-52CW-PVQ9-9M5V Silverstripe uses TinyMCE which allows svg files linked in object tags

Impact: TinyMCE v6 has a configuration value convert_unsafe_embeds set to false which allows svg files containing javascript to be used in <object> or <embed> tags, which can be used as a vector for XSS attacks. Note that tags are not allowed by default. After patching the default value of convert_unsafe_embeds will b...

CVSS 5.4 | AI score 6.1
Exploits 0 | References 5
Github Security Blog
added 2024/07/17 4:00 p.m. | 7 views

Silverstripe uses TinyMCE which allows svg files linked in object tags

Impact: TinyMCE v6 has a configuration value convert_unsafe_embeds set to false which allows svg files containing javascript to be used in <object> or <embed> tags, which can be used as a vector for XSS attacks. Note that tags are not allowed by default. After patching the default value of convert_unsafe_embeds will b...

AI score 6.1
Exploits 0 | References 5 | Affected Software 1
Friends Of PHP
added 2024/07/17 12:24 a.m. | 18 views

SS-2024-001 - TinyMCE allows svg files linked in object tags

More info at https://www.silverstripe.org/download/security-releases/ss-2024-001...

AI score 7.2
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2024/07/15 7:26 a.m. | 17 views

Security Bulletin: IBM Maximo Application Suite uses tinymce-5.10.9.tgz which is vulnerable to CVE-2024-29203, CVE-2024-29881, and CVE-2024-29203.

Summary: IBM Maximo Application Suite uses tinymce-5.10.9.tgz which is vulnerable to CVE-2024-29203, CVE-2024-29881, and CVE-2024-29203. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID: CVE-2024-29203 DESCRIPTION: TinyMCE is vulnerable to...

CVSS 6.1 | AI score 4.8 | EPSS 0.05137
Exploits 0 | Affected Software 1
NVD
added 2024/06/21 8:15 p.m. | 29 views

CVE-2023-38506

Joplin is a free, open source note taking and to-do application. A Cross-site Scripting XSS vulnerability allows pasting untrusted data into the rich text editor to execute arbitrary code. HTML pasted into the rich text editor is not sanitized or not sanitized properly. As such, the onload...

CVSS 8.2 | EPSS 0.00468
Exploits 1 | References 1
CVE
added 2024/06/21 7:43 p.m. | 49 views

CVE-2023-38506

Summary of CVE-2023-38506 (Joplin) : A Cross-site Scripting (XSS) vulnerability arises when pasting untrusted HTML into Joplin’s rich text editor. HTML pasted into the editor is not properly sanitized, allowing the onload attribute of pasted images to execute arbitrary code. Because the TinyMCE e...

CVSS 8.2 | AI score 7.7 | EPSS 0.00468
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2024/06/21 7:43 p.m. | 14 views

CVE-2023-38506 Cross-site Scripting (XSS) when pasting HTML into the rich text editor in Joplin

Joplin is a free, open source note taking and to-do application. A Cross-site Scripting XSS vulnerability allows pasting untrusted data into the rich text editor to execute arbitrary code. HTML pasted into the rich text editor is not sanitized or not sanitized properly. As such, the onload...

CVSS 8.2 | EPSS 0.00468
Exploits 1 | References 1
Vulnrichment
added 2024/06/21 7:43 p.m. | 14 views

CVE-2023-38506 Cross-site Scripting (XSS) when pasting HTML into the rich text editor in Joplin

Joplin is a free, open source note taking and to-do application. A Cross-site Scripting XSS vulnerability allows pasting untrusted data into the rich text editor to execute arbitrary code. HTML pasted into the rich text editor is not sanitized or not sanitized properly. As such, the onload...

CVSS 8.2 | AI score 6.2 | EPSS 0.00468
Exploits 1 | References 1
Veracode
added 2024/06/20 7:44 a.m. | 13 views

Cross-Site Scripting (XSS)

TinyMCE is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to unsafe parsing of noscript elements, which allows an attacker to execute malicious code when the content is loaded into the editor...

CVSS 6.1 | AI score 6.5 | EPSS 0.01148
Exploits 0 | References 5 | Affected Software 2
Veracode
added 2024/06/20 6:28 a.m. | 13 views

Cross-Site Scripting (XSS)

TinyMCE is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to the content extraction feature, specifically when using the noneditable_regexp option, which allows an attacker to execute malicious code through specially crafted HTML attributes during content extraction...

CVSS 6.1 | AI score 6.3 | EPSS 0.00744
Exploits 0 | References 5 | Affected Software 2
NVD
added 2024/06/19 8:15 p.m. | 15 views

CVE-2024-38356

TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE's content extraction code. When using the noneditable_regexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from t...

CVSS 6.1 | EPSS 0.00744
Exploits 0 | References 5
NVD
added 2024/06/19 8:15 p.m. | 15 views

CVE-2024-38357

TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. This vulnerability has bee...

CVSS 6.1 | EPSS 0.01148
Exploits 0 | References 5
OSV
added 2024/06/19 8:15 p.m. | 0 views

UBUNTU-CVE-2024-38356

TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE's content extraction code. When using the noneditable_regexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from t...

CVSS 6.1 | AI score 7.1 | EPSS 0.00744
Exploits 0 | References 8
UbuntuCve
added 2024/06/19 8:15 p.m. | 15 views

CVE-2024-38357

TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. This vulnerability has bee...

CVSS 6.1 | AI score 6.8 | EPSS 0.01148
Exploits 0 | References 7
OSV
added 2024/06/19 8:15 p.m. | 0 views

UBUNTU-CVE-2024-38357

TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. This vulnerability has bee...

CVSS 6.1 | AI score 6.7 | EPSS 0.01148
Exploits 0 | References 8
UbuntuCve
added 2024/06/19 8:15 p.m. | 11 views

CVE-2024-38356

TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE's content extraction code. When using the noneditable_regexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from t...

CVSS 6.1 | AI score 6.7 | EPSS 0.00744
Exploits 0 | References 7
CVE
added 2024/06/19 8:03 p.m. | 112 views

CVE-2024-38357

CVE-2024-38357 affects TinyMCE (open-source rich text editor). The vulnerability is a cross-site scripting (XSS) issue in the content parsing that allows crafted noscript elements to execute malicious code when loaded in the editor. Root cause: improper validation/handling of noscript content in ...

CVSS 6.1 | AI score 5.8 | EPSS 0.01148
Exploits 0 | References 5