872 matches found

Prion
added 2020/12/30 4:15 p.m. | 15 views

Cross site scripting

A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, as TinyMCE is configured to allow iframes by default in Umbraco CMS...

3.5 CVSS | 5.2 AI score | 0.0042 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2020/12/30 3:18 p.m. | 14 views

CVE-2020-5809

A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, as TinyMCE is configured to allow iframes by default in Umbraco CMS...

5.3 AI score | 0.0042 EPSS
Exploits: 1 | References: 1
CNNVD
added 2020/12/30 12:00 a.m. | 1 view

Umbraco Cross-Site Scripting Vulnerability

Umbraco is an open source content management system (CMS) based on ASP.NET technology. Umbraco 8.9.1 and earlier versions are vulnerable to a stored cross-site scripting vulnerability. An attacker can exploit this vulnerability to inject arbitrary JavaScript code into an iframe when editing content...

5.4 CVSS | 5.8 AI score | 0.0042 EPSS
Exploits: 1 | References: 2
Tenable Nessus
added 2020/11/19 12:00 a.m. | 176 views

TinyMCE < 4.9.11 Cross-Site Scripting

According to its self-reported version number, TinyMCE is prior to 4.9.11 or 5.x prior to 5.4.1. Therefore, it may be affected by a cross-site scripting vulnerability in the editor via the clipboard or APIs. Note that the scanner has not tested for these issues but has instead relied only on the...

6.1 CVSS | 6.5 AI score | 0.00283 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2020/11/19 12:00 a.m. | 15 views

TinyMCE 5.x < 5.1.4 Cross-Site Scripting

According to its self-reported version number, TinyMCE is prior to 4.9.7 or 5.x prior to 5.1.4. Therefore, it may be affected by a cross-site scripting vulnerability in the core parser, paste and visualchars plugins. Note that the scanner has not tested for these issues but has instead relied onl...

6.1 CVSS | 6.3 AI score | 0.00553 EPSS
Exploits: 1 | References: 2
Tenable Nessus
added 2020/11/19 12:00 a.m. | 99 views

TinyMCE 5.x < 5.4.1 Cross-Site Scripting

According to its self-reported version number, TinyMCE is prior to 4.9.11 or 5.x prior to 5.4.1. Therefore, it may be affected by a cross-site scripting vulnerability in the editor via the clipboard or APIs. Note that the scanner has not tested for these issues but has instead relied only on the...

6.1 CVSS | 6.5 AI score | 0.00283 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2020/11/19 12:00 a.m. | 7 views

TinyMCE 5.x < 5.2.2 Cross-Site Scripting

According to its self-reported version number, TinyMCE is prior to 4.9.10 or 5.x prior to 5.2.2. Therefore, it may be affected by a cross-site scripting vulnerability in the core parser and media plugin. Note that the scanner has not tested for these issues but has instead relied only on the...

6.1 CVSS | 6.5 AI score | 0.01275 EPSS
Exploits: 1 | References: 2
Tenable Nessus
added 2020/11/19 12:00 a.m. | 20 views

TinyMCE < 4.9.7 Cross-Site Scripting

According to its self-reported version number, TinyMCE is prior to 4.9.7 or 5.x prior to 5.1.4. Therefore, it may be affected by a cross-site scripting vulnerability in the core parser, paste and visualchars plugins. Note that the scanner has not tested for these issues but has instead relied onl...

6.1 CVSS | 6.3 AI score | 0.00553 EPSS
Exploits: 1 | References: 2
Tenable Nessus
added 2020/11/19 12:00 a.m. | 14 views

TinyMCE < 4.9.10 Cross-Site Scripting

According to its self-reported version number, TinyMCE is prior to 4.9.10 or 5.x prior to 5.2.2. Therefore, it may be affected by a cross-site scripting vulnerability in the core parser and media plugin. Note that the scanner has not tested for these issues but has instead relied only on the...

6.1 CVSS | 6.5 AI score | 0.01275 EPSS
Exploits: 1 | References: 2
Packet Storm
added 2020/11/04 12:00 a.m. | 367 views

PDW File Browser 1.3 Shell Upload

Exploit Title: PDW File Browser 1.3 - Remote Code Execution Date: 24-10-2020 Exploit Author: David Bimmel Researchers: David Bimmel, Joost Vondeling, Ramòn Janssen Vendor Homepage: n/a Software Link: https://github.com/GuidoNeele/PDW-File-Browser Version: … ? Once you have uploaded your webshell...

7.4 AI score
Exploits: 0
Exploit DB
added 2020/11/04 12:00 a.m. | 456 views

PDW File Browser 1.3 - Remote Code Execution

Exploit Title: PDW File Browser 1.3 - Remote Code Execution Date: 24-10-2020 Exploit Author: David Bimmel Researchers: David Bimmel, Joost Vondeling, Ramòn Janssen Vendor Homepage: n/a Software Link: https://github.com/GuidoNeele/PDW-File-Browser Version: … ? Once you have uploaded your webshell...

7 AI score
Exploits: 0
Packet Storm
added 2020/10/19 12:00 a.m. | 510 views

TinyMCE 5 HTML Injection

Exploit Title: iframe Injection\Html Injection TinyMCE 5 HTML WYSIWYG Date:18.10.2020 Author: Vincent666 ibn Winnie Software Link: https://www.tiny.cloud/features/ Tested on: Windows 10 Web Browser: Mozilla Firefox Blog : https://pentest-vincent.blogspot.com/ PoC:...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2020/09/30 12:00 a.m. | 48 views

openSUSE Security Update : roundcubemail (openSUSE-2020-1516)

This update for roundcubemail fixes the following issues: roundcubemail was upgraded to 1.3.15. This is a security update to the LTS version 1.3. boo1175135 - Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg content (CVE-2020-16145) - Security: Fix cross-site scripting XS...

9.8 CVSS | 7.8 AI score | 0.93275 EPSS
Exploits: 4 | References: 14
OSV
added 2020/08/24 3:15 p.m. | 0 views

CVE-2020-19891

DBHcms v1.2.0 has an arbitrary file write vulnerability in dbhcms\mod\mod.editor.php: $_POST['updatefile'] is the filename and $_POST['tinymcecontent'] is the file content, and there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get a webshell...

7.2 CVSS | 7.1 AI score
Exploits: 0 | References: 1
Veracode
added 2020/08/17 3:56 a.m. | 17 views

Cross-Site Scripting (XSS)

tinymce is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript in a user's browser when the library is configured in classic editing mode. The stripping and sanitization logic of TinyMCE can be bypassed using nested and non-terminated HTML tags,...

6.1 CVSS | 1.7 AI score | 0.00283 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2020/08/14 2:15 p.m. | 8 views

CVE-2020-12648

A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode...

6.1 CVSS | 5.9 AI score
Exploits: 0 | References: 1
NVD
added 2020/08/14 2:15 p.m. | 13 views

CVE-2020-12648

A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode...

6.1 CVSS | 5.9 AI score | 0.00283 EPSS
Exploits: 0 | References: 1
Prion
added 2020/08/14 2:15 p.m. | 15 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode...

4.3 CVSS | 5.9 AI score | 0.00283 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
UbuntuCve
added 2020/08/14 2:15 p.m. | 30 views

CVE-2020-12648

A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode...

6.1 CVSS | 6.4 AI score | 0.00283 EPSS
Exploits: 0 | References: 2
OSV
added 2020/08/14 2:15 p.m. | 1 view

UBUNTU-CVE-2020-12648

A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode...

6.1 CVSS | 5.8 AI score | 0.00283 EPSS
Exploits: 0 | References: 3