869 matches found
CVE-2024-38357 TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. This vulnerability has bee...
CVE-2024-38357
Removed by vendor...
CVE-2024-38357 TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. This vulnerability has bee...
CVE-2024-38357 TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. This vulnerability has bee...
CVE-2024-38356 TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditableregexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from t...
CVE-2024-38356 TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditableregexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from t...
CVE-2024-38356
CVE-2024-38356 affects TinyMCE. The XSS flaw arises in the content extraction path when using the noneditable_regexp option, where HTML attributes could bypass validation and execute malicious code. Patched in TinyMCE 7.2.0, 6.8.4, and 5.11.0 LTS by verifying that content inside attributes matche...
CVE-2024-38356
Removed by vendor...
CVE-2024-38356 TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditableregexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from t...
@ifanrx/dashboard (>=0.1.1 <=1.3.0-alpha-20240730001), @ithinkdt/editor (>=3.4.11 <=3.5.0) +1 more potentially affected by CVE-2024-38356 via tinymce (>=7.0.1 <=7.1.2)
tinymce NPM version =7.0.1, =0.1.1, =3.4.11, =3.0.7, =3.4.0-5 Source cves: CVE-2024-38356 Source advisory: OSV:GHSA-9HCV-J9PV-QMPH...
3h1-ui (>=3.0.0-liingyun.1 <=3.0.0-next.258), @abt-desk/apm (>=0.0.1 <=0.33.12) +1185 more potentially affected by CVE-2024-38356 via tinymce (>=4.5.1 <=5.10.9)
tinymce NPM version =4.5.1, =3.0.0-liingyun.1, =0.0.1, =0.1.0, =0.1.2, =0.3.7, =0.1.17, =0.1.0, =0.0.1, =1.0.0, =0.2.0-0, =1.0.18-beta.8, =1.0.0, =1.2.3-beta.1, =0.1.1, =0.1.11 and more Source cves: CVE-2024-38356 Source advisory: OSV:GHSA-9HCV-J9PV-QMPH...
bpp-iplweb (>=202304.1100.0 <=202504.1174.0), django-saas-email (>=0.1.21 <=0.1.29) +8 more potentially affected by CVE-2024-38356 via django-tinymce (>=1.5.1b4 <=3.7.1)
django-tinymce PYPI version =1.5.1b4, =202304.1100.0, =0.1.21, =0.8.0, =3.3.3, =0.6.0, =0.1.3.2, =1.0.0b1, =0.3.0, =0.5.2 - zinnia-wysiwyg-tinymce =1.4.0 Source cves: CVE-2024-38356 Source advisory: OSV:GHSA-9HCV-J9PV-QMPH...
@arkxio/ark-ui (>=0.1.0 <=0.1.18), @arkxio/ark-ui-src (=0.1.0) +38 more potentially affected by CVE-2024-38356 via tinymce (>=6.0.0 <=6.8.3)
tinymce NPM version =6.0.0, =0.1.0, =0.1.19, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.7 and more Source cves: CVE-2024-38356 Source advisory: OSV:GHSA-9HCV-J9PV-QMPH...
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Impact A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditableregexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from the editor. Patches This vulnerability...
Cross-site Scripting (XSS)
Overview TinyMCE is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS when using the noneditableregexp option on an element whose content does not match the regex. An attacker can inject malicious scripts into HTML...
GHSA-9HCV-J9PV-QMPH TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Impact A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditableregexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from the editor. Patches This vulnerability...
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
Impact A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. Patches This vulnerability has been patched in TinyMCE 7.2.0,...
@arkxio/ark-ui (>=0.1.0 <=0.1.18), @arkxio/ark-ui-src (=0.1.0) +38 more potentially affected by CVE-2024-38357 via tinymce (>=6.0.0 <=6.8.3)
tinymce NPM version =6.0.0, =0.1.0, =0.1.19, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.7 and more Source cves: CVE-2024-38357 Source advisory: OSV:GHSA-W9JX-4G6G-RP7X...
@ifanrx/dashboard (>=0.1.1 <=1.3.0-alpha-20240730001), @ithinkdt/editor (>=3.4.11 <=3.5.0) +1 more potentially affected by CVE-2024-38357 via tinymce (>=7.0.1 <=7.1.2)
tinymce NPM version =7.0.1, =0.1.1, =3.4.11, =3.0.7, =3.4.0-5 Source cves: CVE-2024-38357 Source advisory: OSV:GHSA-W9JX-4G6G-RP7X...
bpp-iplweb (>=202304.1100.0 <=202504.1174.0), django-saas-email (>=0.1.21 <=0.1.29) +8 more potentially affected by CVE-2024-38357 via django-tinymce (>=1.5.1b4 <=3.7.1)
django-tinymce PYPI version =1.5.1b4, =202304.1100.0, =0.1.21, =0.8.0, =3.3.3, =0.6.0, =0.1.3.2, =1.0.0b1, =0.3.0, =0.5.2 - zinnia-wysiwyg-tinymce =1.4.0 Source cves: CVE-2024-38357 Source advisory: OSV:GHSA-W9JX-4G6G-RP7X...