CVE-2024-21910 Cross-site scripting vulnerability in TinyMCE plugins
TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser...
CVE-2024-21908
CVE-2024-21908 (TinyMCE): Affected software versions are TinyMCE before 5.9.0. The issue is a stored cross-site scripting vulnerability where an unauthenticated, remote attacker can insert crafted HTML into the editor, leading to arbitrary JavaScript execution in another user’s browser. Root cau...
CVE-2024-21908 Cross-site scripting vulnerability in TinyMCE
TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser...
CVE-2024-21908
Removed by vendor...
Tiny Technologies TinyMCE Cross-Site Scripting Vulnerability
Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies, USA. A cross-site scripting vulnerability exists in Tiny Technologies TinyMCE prior to version 5.6.0 that could allow a remote attacker to insert crafted HTML into the editor, resulting ...
Tiny Technologies TinyMCE Cross-Site Scripting Vulnerability
Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies, USA. A cross-site scripting vulnerability exists in Tiny Technologies TinyMCE prior to version 5.9.0, in which an authenticated, remote attacker can insert crafted HTML into the editor, resulting in the...
Tiny Technologies TinyMCE Cross-Site Scripting Vulnerability
Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies, USA. A cross-site scripting vulnerability exists in TinyMCE versions prior to 5.10.0 that could allow an attacker to execute arbitrary JavaScript when updating an image or link with a specially crafted URL...
Magento LTS vulnerable to Stored XSS via TinyMCE WYSIWYG Editor
From HackerOne report 1948040 by Halit AKAYDIN (hltakydn). Impact: What kind of vulnerability is it? Who is impacted? The TinyMCE WYSIWYG editor fails to filter scripts when rendering the HTML in specially crafted HTML tags. Patches: Has the problem been patched? What versions should users upgrade to?...
GHSA-9J5W-2CQC-CWJ9 Magento LTS vulnerable to Stored XSS via TinyMCE WYSIWYG Editor
From HackerOne report 1948040 by Halit AKAYDIN (hltakydn). Impact: What kind of vulnerability is it? Who is impacted? The TinyMCE WYSIWYG editor fails to filter scripts when rendering the HTML in specially crafted HTML tags. Patches: Has the problem been patched? What versions should users upgrade to?...
PT-2023-33004 · Tinymce +1
Name of the Vulnerable Software and Affected Versions: TinyMCE versions prior to 20.2.0; OpenMage magento-lts versions prior to 20.2.0. Description: The TinyMCE WYSIWYG editor fails to filter scripts when rendering HTML in specially crafted HTML tags, allowing for potential exploitation. This issue...
Mutation Cross-Site Scripting (mXSS)
tinymce is vulnerable to mutation cross-site scripting (mXSS). The vulnerability is caused by a lack of sanitization in the handling of text nodes. This could allow an attacker to inject malicious scripts...
Cross-site Scripting (XSS)
Overview: TinyMCE is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via mutation of inner HTML. An attacker can inject malicious scripts that pass the initial sanitization layer when the content is parsed into the...
CVE-2023-48219
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text...
Cross site scripting
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text...
CVE-2023-48219
Removed by vendor...
CVE-2023-48219
Summary of CVE-2023-48219 (TinyMCE): A mutation XSS (mXSS) flaw in TinyMCE’s core undo/redo and related APIs/plugins arises from text nodes in certain parents not being escaped during serialization per HTML standards. If a text node contains a special internal marker, it can combine with other HT...
CVE-2023-48219 Special characters in unescaped text nodes can trigger mXSS in TinyMCE
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text...