872 matches found
Magento 2 Community Edition XSS Vulnerability
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to edit Product information via the TinyMCE editor...
WordPress Custom TinyMCE Shortcode Buttons plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. WordPress Custom TinyMCE Shortcode Buttons plugin version 1.1 and earlier is vulnerable to a...
CVE-2022-1217
The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does not sanitise and escape the PHP_SELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting...
CVE-2022-1217
CVE-2022-1217 affects the WordPress plugin Custom TinyMCE Shortcode Button (
WordPress plugin Custom TinyMCE Shortcode Button cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. WordPress Custom TinyMCE Shortcode Buttons plugin version 1.1 and earlier is vulnerable to a...
PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests
classes/GoogleSpell.php in the PHP Spellchecker aka Google Spellchecker addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote...
GHSA-FX5H-3786-H2W6 PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests
classes/GoogleSpell.php in the PHP Spellchecker aka Google Spellchecker addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote...
Moodle Authenticated Spelling Binary Remote Code Execution
Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor...
GHSA-WXQG-FG7V-MMC6 Moodle Authenticated Spelling Binary Remote Code Execution
Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor...
Sysaid Technologies SysAid path traversal vulnerability
Sysaid Technologies SysAid is a suite of IT service management solutions from Sysaid Technologies, an Israeli company. A security vulnerability exists in Sysaid Technologies SysAid that stems from a file inclusion issue with the application. An unauthenticated attacker can exploit the vulnerabili...
GHSA-CRPG-2MM2-JJQF PrestaShop Stored Cross-Site Scripting Vulnerability
PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE...
PrestaShop Stored Cross-Site Scripting Vulnerability
PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE...
WordPress Custom TinyMCE Shortcode Button plugin <= 1.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Custom TinyMCE Shortcode Button plugin versions <= 1.1. Solution: Deactivate and delete. This plugin has been closed as of April 4, 2022 and is not available for download. This closure is temporary, pending a full revi...
WordPress TinyMCE Annotate plugin <= 1.1.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress TinyMCE Annotate plugin versions <= 1.1.2. Solution: No patched version available...
WordPress TinyMCE Annotate plugin <= 1.1.2 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress TinyMCE Annotate plugin versions <= 1.1.2. Solution: No patched version available...
CVE-2021-4035
A stored cross-site scripting vulnerability has been identified in the comments in the report creation due to an obsolete version of the tinymce editor. In order to exploit this vulnerability, the attacker needs an account with enough privileges to view and edit reports...
CVE-2021-4035 Wocu Monitoring stored Cross-Site Scripting (XSS)
A stored cross-site scripting vulnerability has been identified in the comments in the report creation due to an obsolete version of the tinymce editor. In order to exploit this vulnerability, the attacker needs an account with enough privileges to view and edit reports...
CVE-2021-4035
CVE-2021-4035 corresponds to a stored XSS in Wocu Monitoring’s report-creation comments caused by an obsolete tinymce editor. Public materials (NVD/NVD-derived entries and CVE records) describe that an attacker must have an account with sufficient privileges to view/edit reports to exploit the is...