Moodle Security Vulnerability
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A security vulnerability exists in Moodle that stems from allowing a user to control the path of old files to be created in the TinyMCE...
Cross-site scripting vulnerabilities in old version of bundled TinyMCE
An old version of TinyMCE includes an XSS vulnerability, which was patched in a later version. This was described by TinyMCE: A cross-site scripting (XSS) vulnerability was discovered in the core parser. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piec...
GHSA-WQM8-JX8R-8RCQ Cross-site scripting vulnerabilities in old version of bundled TinyMCE
An old version of TinyMCE includes an XSS vulnerability, which was patched in a later version. This was described by TinyMCE: A cross-site scripting (XSS) vulnerability was discovered in the core parser. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piec...
PT-2023-33068 · Tinymce · Tinymce
Name of the Vulnerable Software and Affected Versions: TinyMCE versions 4.9.10 and earlier TinyMCE versions 5.4.0 and earlier Description: A cross-site scripting XSS issue was found in the core parser of TinyMCE, allowing arbitrary JavaScript execution when inserting specially crafted content int...
SS-2023-001 - XSS vulnerability in underlying TinyMCE library
More info at https://www.silverstripe.org/download/security-releases/SS-2023-001...
CVE-2023-23995
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim Reeves & David Stöckl TinyMCE Custom Styles plugin <= 1.1.2 versions...
CVE-2023-23995
CVE-2023-23995 affects the WordPress TinyMCE Custom Styles plugin (versions
CVE-2023-23995 WordPress TinyMCE Custom Styles Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim Reeves & David Stöckl TinyMCE Custom Styles plugin <= 1.1.2 versions...
PT-2023-19344 · Unknown · Tinymce Custom Styles Plugin
Name of the Vulnerable Software and Affected Versions: Tim Reeves & David Stöckl TinyMCE Custom Styles plugin versions = 1.1.2 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. This vulnerability affects the T...
WordPress plugin TinyMCE Custom Styles Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2023-4763 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle versions 4.1.x through 4.1.2 Moodle versions 4.2.x through 4.1.9 is not correct, the correct is: Moodle versions 4.2.x before 4.2.0 Description: The issue exists because the application allows a user to control the path of the folder t...
MAL-2023-921 Malicious code in uploadcare-tinymce (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a639188015774141a6e7828027fb105771e51cf101e48ebab5dc6d652e63ed92 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in uploadcare-tinymce (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a639188015774141a6e7828027fb105771e51cf101e48ebab5dc6d652e63ed92 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Security Bulletin: There are several vulnerabilities in TinyMCE used by IBM Maximo Manage application in IBM Maximo Application Suite
Summary There are several vulnerabilities in TinyMCE used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-23494 DESCRIPTION: TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote...
Security Bulletin: There is a security vulnerability in TinyMCE used by IBM Maximo for Civil Infrastructure in Maximo Application Suite (CVE-2022-23494)
Summary There is a security vulnerability in TinyMCE used by IBM Maximo for Civil Infrastructure in Maximo Application Suite Vulnerability Details CVEID:CVE-2022-23494 DESCRIPTION: TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote...
Moodle 4.1 < 4.1.2 Multiple Vulnerabilities
Moodle is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:moodle:moodle"; ifdescription...
WordPress TinyMCE Custom Styles Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)
Software: TinyMCE Custom Styles; Type: Plugin; Vulnerable versions: <= 1.1.2; Fixed in: 1.1.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23995; Patch priority: Low; CVSS severity: Low (5.9); Developer: tinymce-custom-styles; PSID: 7dc7761b83f7; Credits: Rio Darmawa...
Malicious Package
Overview tinymce-codemirror is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...