
872 matches found

CVE
added 2020/08/14 1:52 p.m., 79 views

CVE-2020-12648

CVE-2020-12648 describes an XSS vulnerability in TinyMCE 5.2.1 and earlier, exploitable when configured in classic editing mode. The provided connected documents corroborate that TinyMCE’s classic editor mode allows remote attackers to inject arbitrary web scripts, but do not provide details on a...

CVSS 6.1, AI score 5.8, EPSS 0.00283
Exploits 0, References 1, Affected Software 1

Debian CVE
added 2020/08/14 1:52 p.m., 16 views

CVE-2020-12648

Removed by vendor...

CVSS 6.1, AI score 6.2, EPSS 0.00283
Exploits 0

Cvelist
added 2020/08/14 1:52 p.m., 15 views

CVE-2020-12648

A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode...

AI score 5.9, EPSS 0.00283
Exploits 0, References 1

ThreatPost
added 2020/08/13 12:34 p.m., 43 views

High-Severity TinyMCE Cross-Site Scripting Flaw Fixed

A high-severity flaw has been disclosed in TinyMCE, an open-source text editor used in the content management systems (CMS) of websites. The recently patched flaw could have been potentially exploited remotely by attackers to gain administrative privileges to websites. TinyMCE, developed by Tiny...

CVSS 4.3, AI score 6.9, EPSS 0.00283
Exploits 0, References 6

vulnersOsv
added 2020/08/11 2:55 p.m., 1 views

3h1-ui (>=3.0.0-liingyun.1 <=3.0.0-next.258), @abt-desk/apm (>=0.0.1 <=0.33.12) +936 more potentially affected by CVE-2020-12648 via tinymce (>=5.0.11 <=5.3.2)

tinymce NPM version =5.0.11, =3.0.0-liingyun.1, =0.0.1, =0.1.0, =0.1.2, =0.3.7, =0.1.17, =0.1.0, =0.0.1, =0.2.0-0, =1.0.18-beta.8, =1.0.0, =1.2.3-beta.1, =0.1.1, =1.0.0, =8.7.0 and more Source cves: CVE-2020-12648 Source advisory: OSV:GHSA-VRV8-V4W8-F95H...

CVSS 6.1, AI score 6.3, EPSS 0.00283
Exploits 0

Github Security Blog
added 2020/08/11 2:55 p.m., 35 views

Cross-site scripting vulnerability in TinyMCE

Impact: A cross-site scripting (XSS) vulnerability was discovered in the core parser. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs. This impacts all users who are using TinyMCE 4.9.10 or lower a...

CVSS 6.1, AI score 1.3, EPSS 0.00283
Exploits 0, References 6, Affected Software 1

vulnersOsv
added 2020/08/11 2:55 p.m., 2 views

@angular-materials/ngx-admin (>=1.0.0 <=1.0.1), @ec.components/tinymce (>=0.5.7 <=0.6.0) +34 more potentially affected by CVE-2020-12648 via tinymce (>=4.5.1 <=4.8.5)

tinymce NPM version =4.5.1, =1.0.0, =0.5.7, =0.1.1, =0.0.13, =1.3.0, =8.0.0, =0.8.8, =0.6.3, =1.2.0, =1.0.0-alpha.0, =1.1.0, =2.4.1, =4.0.0 and more Source cves: CVE-2020-12648 Source advisory: OSV:GHSA-VRV8-V4W8-F95H...

CVSS 6.1, AI score 6.3, EPSS 0.00283
Exploits 0

OSV
added 2020/08/11 2:55 p.m., 17 views

GHSA-VRV8-V4W8-F95H Cross-site scripting vulnerability in TinyMCE

Impact: A cross-site scripting (XSS) vulnerability was discovered in the core parser. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs. This impacts all users who are using TinyMCE 4.9.10 or lower a...

CVSS 6.1, AI score 6, EPSS 0.00283
Exploits 0, References 6

OSV
added 2020/08/10 8:15 p.m., 12 views

CVE-2020-17480

TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor...

CVSS 6.1, AI score 5.8
Exploits 0, References 2

NVD
added 2020/08/10 8:15 p.m., 11 views

CVE-2020-17480

TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor...

CVSS 6.1, AI score 5.9, EPSS 0.00553
Exploits 1, References 2

UbuntuCve
added 2020/08/10 8:15 p.m., 52 views

CVE-2020-17480

TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor...

CVSS 6.1, AI score 6.3, EPSS 0.00553
Exploits 1, References 3

OSV
added 2020/08/10 8:15 p.m., 0 views

UBUNTU-CVE-2020-17480

TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor...

CVSS 6.1, AI score 5.8, EPSS 0.00553
Exploits 1, References 4

Prion
added 2020/08/10 8:15 p.m., 9 views

Cross site scripting

TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor...

CVSS 4.3, AI score 5.8, EPSS 0.00553
Exploits 1, References 2, Affected Software 1

Debian CVE
added 2020/08/10 7:34 p.m., 21 views

CVE-2020-17480

Removed by vendor...

CVSS 6.1, AI score 6.2, EPSS 0.00553
Exploits 1

Cvelist
added 2020/08/10 7:34 p.m., 10 views

CVE-2020-17480

TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor...

AI score 5.9, EPSS 0.00553
Exploits 1, References 2

CVE
added 2020/08/10 7:34 p.m., 91 views

CVE-2020-17480

The CVE-2020-17480 issue affects TinyMCE prior to 4.9.7 and 5.x prior to 5.1.4, where cross-site scripting can be triggered by inserting content via clipboard or editor APIs in the core parser, paste plugin, and visualchars plugin. The vulnerability arises from improper input validation and can b...

CVSS 6.1, AI score 5.7, EPSS 0.00553
Exploits 1, References 2, Affected Software 1

Atlassian
added 2020/08/03 10:44 p.m., 50 views

TinyMCE XSS vulnerability on version 4.7.11

Description: It seems that Confluence bundles a version of TinyMCE within the editor that has an XSS vulnerability. Confluence version 7.4.1 uses version 0.4.34 of the confluence-editor plugin that includes 4.7.11 of TinyMCE as a dependency. Confluence version 7.6.2 uses version 0.4.41 of the...

AI score 0.7
Exploits 0, Affected Software 1

Gitee
added 2020/07/27 10:27 a.m., 5 views

Exploit for Path Traversal in Atlassian Confluence_Server

PoC exploit for CVE-2019-3396, a Confluence Server-Side Template Injection (SSTI) Remote Code Execution (RCE) vulnerability. The exploit targets Confluence versions vulnerable to this CVE. The vulnerability is exploited by sending a specially crafted request to the Confluence REST API, which allows a...

CVSS 10, AI score 8.6, EPSS 0.94471
Exploits 20

vulnersOsv
added 2020/05/11 8:0 p.m., 0 views

3h1-ui (>=3.0.0-liingyun.1 <=3.0.0-next.258), @abt-desk/apm (>=0.0.1 <=0.33.12) +925 more potentially affected by CVE-2019-1010091 via tinymce (>=5.0.11 <=5.2.1)

tinymce NPM version =5.0.11, =3.0.0-liingyun.1, =0.0.1, =0.1.0, =0.1.2, =0.3.7, =0.1.17, =0.1.0, =0.0.1, =0.2.0-0, =1.0.18-beta.8, =1.0.0, =1.2.3-beta.1, =0.1.1, =1.0.0, =8.7.0 and more Source cves: CVE-2019-1010091 Source advisory: OSV:GHSA-C78W-2GW7-GJV3...

CVSS 6.1, AI score 6.3, EPSS 0.01275
Exploits 1

OSV
added 2020/05/11 8:0 p.m., 0 views

GHSA-C78W-2GW7-GJV3 XSS in TinyMCE

Impact: A cross-site scripting (XSS) vulnerability was discovered in: the core parser and media plugin. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs. This impacts all users who are using TinyMCE...

CVSS 6.1, AI score 6, EPSS 0.01275
Exploits 1, References 3