872 matches found
BIT-MOODLE-2023-30943 Moodle: tinymce loaders susceptible to arbitrary folder creation
The vulnerability was found in Moodle and exists because the application allows a user to control the path of the folder to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system...
CVE-2024-25904
Cross-Site Request Forgery (CSRF) vulnerability in David Stockl TinyMCE and TinyMCE Advanced Professsional Formats and Styles. This issue affects TinyMCE and TinyMCE Advanced Professsional Formats and Styles: from n/a through 1.1.2...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in David Stockl TinyMCE and TinyMCE Advanced Professsional Formats and Styles. This issue affects TinyMCE and TinyMCE Advanced Professsional Formats and Styles: from n/a through 1.1.2...
CVE-2024-25904 WordPress TinyMCE Professional Formats and Styles Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in David Stockl TinyMCE and TinyMCE Advanced Professsional Formats and Styles. This issue affects TinyMCE and TinyMCE Advanced Professsional Formats and Styles: from n/a through 1.1.2...
CVE-2024-25904
CVE-2024-25904 concerns a CSRF vulnerability in the TinyMCE and TinyMCE Advanced Professsional Formats and Styles WordPress plugin. Affected versions are n/a through 1.1.2. The core issue is Cross-Site Request Forgery that could enable unauthorized actions by an authenticated user. Reported sever...
WordPress Plugin TinyMCE and TinyMCE Advanced Professsional Formats and Styles Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
PT-2024-21195 · Unknown +1 · Tinymce Advanced Professional Formats/Styles +1
Name of the Vulnerable Software and Affected Versions: TinyMCE and TinyMCE Advanced Professional Formats and Styles versions n/a through 1.1.2. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing...
Security Bulletin: There is a vulnerability in tinymce-6.3.1.min.js used by IBM Maximo Asset Management application (CVE-2023-45819 and CVE-2023-45818)
Summary There is a vulnerability in tinymce-6.3.1.min.js used by IBM Maximo Asset Management application. Vulnerability Details CVEID:CVE-2023-45819 DESCRIPTION: TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Notification Manager API. A...
WordPress TinyMCE Professional Formats and Styles Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: TinyMCE Professional Formats and Styles; Type: Plugin; Vulnerable versions: <= 1.1.2; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-25904; Patch priority: Low; CVSS severity: Low (4.3); PSID: da99710ec4d8; Credi...
Security Bulletin: IBM Maximo Application Suite uses tinymce-5.10.8.tgz which is vulnerable to CVE-2023-48219
Summary IBM Maximo Application Suite uses tinymce-5.10.8.tgz which is vulnerable to CVE-2023-48219. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-48219 DESCRIPTION: TinyMCE is vulnerable to cross-site scripting, caused by...
FreeBSD : TinyMCE -- mXSS in multiple plugins (9532a361-b84d-11ee-b0d7-84a93843eb75)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9532a361-b84d-11ee-b0d7-84a93843eb75 advisory. - TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was...
Cross-site Scripting (XSS)
tinymce is vulnerable to Cross-Site Scripting. The vulnerability is due to a lack of proper sanitization for iframe, object and embed URL attributes within TinyMCE's core parser. This allows an attacker to insert a specially crafted piece of content into the editor using the clipboard or APIs...
GHSA-WXJ2-777F-VXMF Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE plugins
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5h9g-x5rv-25wg. This link is maintained to preserve external references. Original Description TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated...
Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE plugins
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5h9g-x5rv-25wg. This link is maintained to preserve external references. Original Description TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated...
GHSA-Q5PP-5Q2H-G8RV Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5h9g-x5rv-25wg. This link is maintained to preserve external references. Original Description TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and...
GHSA-GJHC-6XM7-MC8Q Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5h9g-x5rv-25wg. This link is maintained to preserve external references. Original Description TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and...
CVE-2024-21910
TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser...
CVE-2024-21911
TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser...