872 matches found
CVE-2023-48219 Special characters in unescaped text nodes can trigger mXSS in TinyMCE
TinyMCE is an open source rich text editor. A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text...
GHSA-V626-R774-J7F8 TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
Impact A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text nodes contain a special character...
@arkxio/ark-ui (>=0.1.0 <=0.1.18), @arkxio/ark-ui-src (=0.1.0) +33 more potentially affected by CVE-2023-48219 via tinymce (>=6.0.0 <=6.6.2)
tinymce NPM version =6.0.0, =0.1.0, =0.1.19, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.2 and more Source cves: CVE-2023-48219 Source advisory: OSV:GHSA-V626-R774-J7F8...
@agentlab/ldkg-ui-basetable (=0.1.1), @agentlab/ldkg-ui-charts (>=0.1.2 <=0.1.7) +330 more potentially affected by CVE-2023-48219 via tinymce (>=4.5.1 <=5.10.8)
tinymce NPM version =4.5.1, =0.1.2, =0.3.7, =0.1.17, =1.0.0, =1.0.0, =1.33.0, =1.0.0-alpha.39-baliz, =4.3.0, =0.5.0, =0.1.0, =0.0.4, =0.1.2, =0.8.4, =0.8.5 and more Source cves: CVE-2023-48219 Source advisory: OSV:GHSA-V626-R774-J7F8...
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
Impact A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text nodes contain a special character...
PT-2023-30737 · Tinymce · Tinymce
Name of the Vulnerable Software and Affected Versions: TinyMCE versions prior to 5.10.9 TinyMCE versions prior to 6.7.3 Description: A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific...
TinyMCE -- mXSS in multiple plugins
TinyMCE reports: Special characters in unescaped text nodes can trigger mXSS when using TinyMCE undo/redo, getContentAPI, resetContentAPI, and Autosave plugin...
Cross-site Scripting
tinymce is vulnerable to Cross-site Scripting. The vulnerability is due to the memBannerText function in Notification.ts which lacks HTML content sanitization within. This allows attacker to perform cross-site scripting XSS attacks while rendering or handling the HTML content of notifications...
Cross-site Scripting (XSS)
TinyMCE is vulnerable to Cross-site Scripting XSS. The vulnerability occurs when an HTML snippet is restored from the undo stack. In this situation, a combination of string manipulation and reparative parsing by the browser's native DomParser API results in malicious mutations to the HTML. This, ...
Cross-site Scripting (XSS)
Overview TinyMCE is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Notification Manager API due to improper input sanitization. An attacker can execute arbitrary JavaScript when a notification is presented i...
Cross-site Scripting (XSS)
Overview TinyMCE is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the core undo and redo functionality. An attacker can exploit this vulnerability by passing a carefully-crafted HTML snippet that bypasses the...
CVE-2023-45819
TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit requires carefully craft...
CVE-2023-45818
TinyMCE is an open source rich text editor. A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before...
Cross site scripting
TinyMCE is an open source rich text editor. A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before...
Cross site scripting
TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit requires carefully craft...
CVE-2023-45819
TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit requires carefully craft...
UBUNTU-CVE-2023-45818
TinyMCE is an open source rich text editor. A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before...
UBUNTU-CVE-2023-45819
TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit requires carefully craft...
CVE-2023-45818
TinyMCE is an open source rich text editor. A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before...
CVE-2023-45818 Cross-site Scripting vulnerability in TinyMCE undo/redo, getContent API, resetContent API, and Autosave plugin
TinyMCE is an open source rich text editor. A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before...