
872 matches found

Debian CVE
added 2023/10/19 9:18 p.m. · 44 views

CVE-2023-45818

Removed by vendor...

CVSS 6.1 · AI score 6.2 · EPSS 0.01282
Exploits 0

CVE
added 2023/10/19 9:18 p.m. · 66 views

CVE-2023-45818

Concrete details confirm CVE-2023-45818 affects TinyMCE undo/redo logic, where HTML is mutated by a combination of string trimming and reparative parsing when restoring from the undo stack, enabling XSS. The issue also affects related APIs/plugins (tinymce.Editor.getContent({ format: 'raw' }), re...

CVSS 6.1 · AI score 5.8 · EPSS 0.01282
Exploits 0 · References 5 · Affected Software 1

Vulnrichment
added 2023/10/19 9:18 p.m. · 17 views

CVE-2023-45818 Cross-site Scripting vulnerability in TinyMCE undo/redo, getContent API, resetContent API, and Autosave plugin

TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before...

CVSS 6.1 · AI score 5.2 · EPSS 0.01282
Exploits 0 · References 5

OSV
added 2023/10/19 9:18 p.m. · 14 views

CVE-2023-45818 Cross-site Scripting vulnerability in TinyMCE undo/redo, getContent API, resetContent API, and Autosave plugin

TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before...

CVSS 6.1 · AI score 5.5 · EPSS 0.01282
Exploits 0 · References 7

CVE
added 2023/10/19 9:13 p.m. · 58 views

CVE-2023-45819

CVE-2023-45819 is a cross-site scripting vulnerability in TinyMCE’s Notification Manager API. An attacker could trigger arbitrary JavaScript execution by injecting unfiltered HTML into a notification text displayed in the TinyMCE UI for the current user, requiring crafted content and a notificati...

CVSS 6.1 · AI score 6 · EPSS 0.02191
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/10/19 9:13 p.m. · 12 views

CVE-2023-45819 Cross-site Scripting vulnerability in TinyMCE notificationManager.open API

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit require carefully craft...

CVSS 6.1 · AI score 5.6 · EPSS 0.02191
Exploits 0 · References 1

Cvelist
added 2023/10/19 9:13 p.m. · 19 views

CVE-2023-45819 Cross-site Scripting vulnerability in TinyMCE notificationManager.open API

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit require carefully craft...

CVSS 6.1 · AI score 6.2 · EPSS 0.02191
Exploits 0 · References 1

OSV
added 2023/10/19 9:13 p.m. · 12 views

CVE-2023-45819 Cross-site Scripting vulnerability in TinyMCE notificationManager.open API

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit require carefully craft...

CVSS 6.1 · AI score 5.8 · EPSS 0.02191
Exploits 0 · References 3

Debian CVE
added 2023/10/19 9:13 p.m. · 52 views

CVE-2023-45819

Removed by vendor...

CVSS 6.1 · AI score 6.2 · EPSS 0.02191
Exploits 0

Github Security Blog
added 2023/10/19 4:42 p.m. · 55 views

TinyMCE XSS vulnerability in notificationManager.open API

Impact: A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit require carefully crafted malicious content to have been...

CVSS 6.1 · AI score 6.7 · EPSS 0.02191
Exploits 0 · References 5 · Affected Software 2

vulnersOsv
added 2023/10/19 4:42 p.m. · 3 views

@agentlab/ldkg-ui-basetable (=0.1.1), @agentlab/ldkg-ui-charts (>=0.1.2 <=0.1.7) +329 more potentially affected by CVE-2023-45819 via tinymce (>=4.5.1 <=5.10.7)

tinymce NPM version =4.5.1, =0.1.2, =0.3.7, =0.1.17, =1.0.0, =1.0.0, =1.33.0, =1.0.0-alpha.39-baliz, =4.3.0, =0.5.0, =0.1.0, =0.0.4, =0.1.2, =0.8.4, =0.8.5 and more Source cves: CVE-2023-45819 Source advisory: OSV:GHSA-HGQX-R2HP-JR38...

CVSS 6.1 · AI score 6.3 · EPSS 0.02191
Exploits 0

OSV
added 2023/10/19 4:42 p.m. · 1 view

GHSA-HGQX-R2HP-JR38 TinyMCE XSS vulnerability in notificationManager.open API

Impact: A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit require carefully crafted malicious content to have been...

CVSS 6.1 · AI score 6.1 · EPSS 0.02191
Exploits 0 · References 5

vulnersOsv
added 2023/10/19 4:42 p.m. · 1 view

@arkxio/ark-ui (>=0.1.0 <=0.1.18), @arkxio/ark-ui-src (=0.1.0) +33 more potentially affected by CVE-2023-45819 via tinymce (>=6.0.0 <=6.6.2)

tinymce NPM version =6.0.0, =0.1.0, =0.1.19, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.2 and more Source cves: CVE-2023-45819 Source advisory: OSV:GHSA-HGQX-R2HP-JR38...

CVSS 6.1 · AI score 6.3 · EPSS 0.02191
Exploits 0

vulnersOsv
added 2023/10/19 4:36 p.m. · 1 view

@agentlab/ldkg-ui-basetable (=0.1.1), @agentlab/ldkg-ui-charts (>=0.1.2 <=0.1.7) +329 more potentially affected by CVE-2023-45818 via tinymce (>=4.5.1 <=5.10.7)

tinymce NPM version =4.5.1, =0.1.2, =0.3.7, =0.1.17, =1.0.0, =1.0.0, =1.33.0, =1.0.0-alpha.39-baliz, =4.3.0, =0.5.0, =0.1.0, =0.0.4, =0.1.2, =0.8.4, =0.8.5 and more Source cves: CVE-2023-45818 Source advisory: OSV:GHSA-V65R-P3VV-JJFV...

CVSS 6.1 · AI score 6.3 · EPSS 0.01282
Exploits 0

OSV
added 2023/10/19 4:36 p.m. · 1 view

GHSA-V65R-P3VV-JJFV TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin

Impact: A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before being stored in the undo stack. If t...

CVSS 6.1 · AI score 5.6 · EPSS 0.01282
Exploits 0 · References 7

vulnersOsv
added 2023/10/19 4:36 p.m. · 1 view

@arkxio/ark-ui (>=0.1.0 <=0.1.18), @arkxio/ark-ui-src (=0.1.0) +33 more potentially affected by CVE-2023-45818 via tinymce (>=6.0.0 <=6.6.2)

tinymce NPM version =6.0.0, =0.1.0, =0.1.19, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.2 and more Source cves: CVE-2023-45818 Source advisory: OSV:GHSA-V65R-P3VV-JJFV...

CVSS 6.1 · AI score 6.3 · EPSS 0.01282
Exploits 0

Github Security Blog
added 2023/10/19 4:36 p.m. · 31 views

TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin

Impact: A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before being stored in the undo stack. If t...

CVSS 6.1 · AI score 6 · EPSS 0.01282
Exploits 0 · References 7 · Affected Software 2

CNNVD
added 2023/10/19 12:0 a.m. · 2 views

Tiny Technologies TinyMCE Cross-Site Scripting Vulnerability

Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies. A security vulnerability exists in TinyMCE, which stems from a cross-site scripting (XSS) vulnerability discovered in TinyMCE's Notification Manager API...

CVSS 6.1 · AI score 5.9 · EPSS 0.02191
Exploits 0 · References 2

CNNVD
added 2023/10/19 12:0 a.m. · 3 views

TinyMCE Cross-Site Scripting Vulnerability

Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies, Inc. A security vulnerability exists in TinyMCE, which stems from a mutant cross-site scripting (mXSS) vulnerability discovered in TinyMCE's core undo and redo functionality...

CVSS 6.1 · AI score 6.3 · EPSS 0.01282
Exploits 0 · References 6

Positive Technologies
added 2023/10/19 12:0 a.m. · 1 view

PT-2023-29708 · Tinymce · Tinymce

Name of the Vulnerable Software and Affected Versions: TinyMCE versions prior to 5.10.8; TinyMCE versions prior to 6.7.1. Description: A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system,...

CVSS 6.1 · AI score 6 · EPSS 0.02191
Exploits 0 · References 15