872 matches found
CVE-2023-2967
The TinyMCE Custom Styles WordPress plugin before 1.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-2967
The TinyMCE Custom Styles WordPress plugin before 1.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Cross site scripting
The TinyMCE Custom Styles WordPress plugin before 1.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-2967
The CVE-2023-2967 entry concerns the TinyMCE Custom Styles WordPress plugin (versions prior to 1.1.4). The connected sources confirm that the issue arises from insufficient sanitization/escaping of certain settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins) even ...
CVE-2023-2967 TinyMCE Custom Styles < 1.1.4 - Admin+ Stored Cross-Site Scripting
The TinyMCE Custom Styles WordPress plugin before 1.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-2967 TinyMCE Custom Styles < 1.1.4 - Admin+ Stored Cross-Site Scripting
The TinyMCE Custom Styles WordPress plugin before 1.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress plugin TinyMCE Custom Styles 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
PT-2023-22355 · WordPress · Tinymce Custom Styles
Name of the Vulnerable Software and Affected Versions: TinyMCE Custom Styles WordPress plugin versions prior to 1.1.4 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for...
CVE-2020-23066
Cross Site Scripting vulnerability in TinyMCE v.4.9.6 and before and v.5.0.0 thru v.5.1.4 allows an attacker to execute arbitrary code via the editor function...
CVE-2020-23066
Rejected reason: DO NOT USE THIS CVE ID NUMBER. Consult IDs: CVE-2020-17480. Reason: This CVE Record is a duplicate of CVE-2020-17480. Notes: All CVE users should reference CVE-2020-17480 instead of this record...
Cross site scripting
Cross Site Scripting vulnerability in TinyMCE v.4.9.6 and before and v.5.0.0 thru v.5.1.4 allows an attacker to execute arbitrary code via the editor function...
PT-2023-11640 · Tinymce · Tinymce
Name of the Vulnerable Software and Affected Versions: TinyMCE versions 4.9.6 and earlier TinyMCE versions 5.0.0 through 5.1.4 Description: The issue allows an attacker to execute arbitrary code via the editor function, which is related to a Cross Site Scripting vulnerability. Recommendations: Fo...
CVE-2020-23066
CVE-2020-23066 is rejected/not used; refer to CVE-2020-17480.
编号撤回
Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies, USA. This CVE number has been withdrawn...
TinyMCE Custom Styles < 1.1.4 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to "Settings" » "TinyMCE Custom Styles"...
Moodle 4.1.x < 4.1.3 Arbitrary Folder Creation Vulnerability (MSA-23-0014)
Moodle is prone to an arbitrary folder creation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:moodle:moodle";...
GHSA-22GJ-8QJ2-FJ46 Moodle External Control of File Name or Path vulnerability
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system...
CVE-2023-30943
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system...
CVE-2023-30943
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system...
UBUNTU-CVE-2023-30943
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system...