872 matches found

Github Security Blog
added 2021/05/28 7:18 p.m. · 74 views

Cross-site scripting vulnerability in TinyMCE

Impact: A cross-site scripting (XSS) vulnerability was discovered in the URL sanitization logic of the core parser for form elements. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor using the clipboard or APIs, and then...

AI score 5.9
Exploits: 0 · References: 2 · Affected Software: 1

Node.js
added 2021/05/06 5:30 p.m. · 42 views

Cross-site scripting in TinyMCE

Overview: tinymce before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor. Recommendation: Upgrade to versions 4.9.7, 5.1.4 or later. References: CVE, GitHub Advisory...

CVSS 4.3 · AI score 3.5 · EPSS 0.00553
Exploits: 1 · Affected Software: 1

OSV
added 2021/05/06 5:28 p.m. · 18 views

GHSA-P7J5-4MWM-HV86 Duplicate Advisory: Cross-site scripting in TinyMCE

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-27gm-ghr9-4v95. This link is maintained to preserve external references. Original Description: TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin...

CVSS 6.1 · AI score 5.8 · EPSS 0.00553
Exploits: 1 · References: 3

Github Security Blog
added 2021/05/06 5:28 p.m. · 17 views

Duplicate Advisory: Cross-site scripting in TinyMCE

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-27gm-ghr9-4v95. This link is maintained to preserve external references. Original Description: TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin...

CVSS 6.1 · AI score 5.7 · EPSS 0.00553
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2021/04/14 3:15 p.m. · 14 views

CVE-2020-29592

An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an attacker to upload dangerous executables that bypass the file types allowed regardless of the file types allowed list in Media settings...

CVSS 9.8 · AI score 9.4 · EPSS 0.01344
Exploits: 2 · References: 2

Prion
added 2021/04/14 3:15 p.m. · 10 views

Improper access control

An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an attacker to upload dangerous executables that bypass the file types allowed regardless of the file types allowed list in Media settings...

CVSS 7.5 · AI score 9.3 · EPSS 0.01344
Exploits: 2 · References: 2 · Affected Software: 1

Cvelist
added 2021/04/14 2:23 p.m. · 13 views

CVE-2020-29592

An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an attacker to upload dangerous executables that bypass the file types allowed regardless of the file types allowed list in Media settings...

AI score 9.4 · EPSS 0.01344
Exploits: 1 · References: 2

Node.js
added 2021/02/19 5:22 p.m. · 56 views

Cross-site scripting in TinyMCE

Overview: A cross-site scripting (XSS) vulnerability was discovered in the URL sanitization logic of the core parser of tinymce. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor using the clipboard or APIs. This impacts all...

AI score 5.9
Exploits: 0 · Affected Software: 1

Veracode
added 2021/01/08 4:5 a.m. · 8 views

Regular Expression Denial Of Service (ReDoS)

tinymce is vulnerable to regular expression denial of service. The vulnerability allows malicious Ruby code samples to cause a denial of service condition in the browser while performing syntax highlighting...

AI score 2.5
Exploits: 0

Veracode
added 2021/01/08 3:49 a.m. · 11 views

Cross-site Scripting (XSS)

tinymce is vulnerable to cross-site scripting (XSS). The vulnerability exists through the URL sanitization logic of the SaxParser...

AI score 2.1
Exploits: 0

Github Security Blog
added 2021/01/06 7:27 p.m. · 51 views

Cross-site scripting vulnerability in TinyMCE

Impact: A cross-site scripting (XSS) vulnerability was discovered in the URL sanitization logic of the core parser. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor using the clipboard or APIs. This impacts all users who are...

CVSS 6.1 · AI score 6 · EPSS 0.01446
Exploits: 1 · References: 4 · Affected Software: 2

OSV
added 2021/01/06 7:27 p.m. · 83 views

GHSA-W7JX-J77M-WP65 Cross-site scripting vulnerability in TinyMCE

Impact: A cross-site scripting (XSS) vulnerability was discovered in the URL sanitization logic of the core parser. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor using the clipboard or APIs. This impacts all users who are...

CVSS 6.1 · AI score 6 · EPSS 0.01446
Exploits: 1 · References: 3

vulnersOsv
added 2021/01/06 7:27 p.m. · 1 views

3h1-ui (>=3.0.0-liingyun.1 <=3.0.0-next.258), @abt-desk/apm (>=0.0.1 <=0.33.12) +1228 more potentially affected by CVE-2024-21911 via tinymce (>=4.5.1 <=5.5.1)

tinymce NPM version =4.5.1, =3.0.0-liingyun.1, =0.0.1, =0.1.0, =0.1.2, =0.3.7, =0.1.7, =0.1.0, =0.0.1, =1.0.0, =0.2.0-0, =1.0.18-beta.8, =1.0.0, =1.2.3-beta.1, =0.1.1, =0.1.11 and more Source cves: CVE-2024-21911 Source advisory: OSV:GHSA-W7JX-J77M-WP65...

CVSS 6.1 · AI score 6.3 · EPSS 0.01446
Exploits: 1

OSV
added 2021/01/06 7:25 p.m. · 14 views

GHSA-H96F-FC7C-9R55 Regex denial of service vulnerability in codesample plugin

Impact: A regex denial of service (ReDoS) vulnerability was discovered in a dependency of the codesample plugin. The vulnerability allowed poorly formed Ruby code samples to lock up the browser while performing syntax highlighting. This impacts users of the codesample plugin using TinyMCE 5.5.1 or...

AI score 7.1
Exploits: 0 · References: 3

vulnersOsv
added 2021/01/06 7:25 p.m. · 1 views

3h1-ui (>=3.0.0-liingyun.1 <=3.0.0-next.258), @abt-desk/apm (>=0.0.1 <=0.33.12) +1228 more potentially affected by unknown CVE via tinymce (>=4.5.1 <=5.5.1)

tinymce NPM version =4.5.1, =3.0.0-liingyun.1, =0.0.1, =0.1.0, =0.1.2, =0.3.7, =0.1.7, =0.1.0, =0.0.1, =1.0.0, =0.2.0-0, =1.0.18-beta.8, =1.0.0, =1.2.3-beta.1, =0.1.1, =0.1.11 and more Source cves: unknown CVE Source advisory: OSV:GHSA-H96F-FC7C-9R55...

AI score 5.8
Exploits: 0

Github Security Blog
added 2021/01/06 7:25 p.m. · 29 views

Regex denial of service vulnerability in codesample plugin

Impact: A regex denial of service (ReDoS) vulnerability was discovered in a dependency of the codesample plugin. The vulnerability allowed poorly formed Ruby code samples to lock up the browser while performing syntax highlighting. This impacts users of the codesample plugin using TinyMCE 5.5.1 or...

AI score 0.2
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2021/01/06 12:0 a.m. · 2 views

PT-2021-24352 · Tinymce · Tinymce

Name of the Vulnerable Software and Affected Versions: TinyMCE versions prior to 5.6.0
Description: A stored cross-site scripting vulnerability was discovered in the URL sanitization logic of the core parser, allowing arbitrary JavaScript execution when inserting specially crafted content into th...

CVSS 6.1 · AI score 5.9 · EPSS 0.01446
Exploits: 1 · References: 19

CNVD
added 2020/12/31 12:0 a.m. · 2 views

Umbraco Cross-Site Scripting Vulnerability (CNVD-2020-75634)

Umbraco is an open source content management system (CMS) based on ASP.NET technology. Umbraco 8.9.1 and earlier versions are vulnerable to a stored cross-site scripting vulnerability. An attacker can exploit this vulnerability to inject arbitrary JavaScript code into an iframe when editing content...

CVSS 5.4 · AI score 6.3 · EPSS 0.0042
Exploits: 1 · References: 1

OSV
added 2020/12/30 4:15 p.m. · 11 views

CVE-2020-5809

A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, as TinyMCE is configured to allow iframes by default in Umbraco CMS...

CVSS 5.4 · AI score 6
Exploits: 0 · References: 1

NVD
added 2020/12/30 4:15 p.m. · 8 views

CVE-2020-5809

A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, as TinyMCE is configured to allow iframes by default in Umbraco CMS...

CVSS 5.4 · AI score 5.3 · EPSS 0.0042
Exploits: 1 · References: 1