872 matches found
@angular-materials/ngx-admin (>=1.0.0 <=1.0.1), @ec.components/tinymce (>=0.5.7 <=0.6.0) +34 more potentially affected by CVE-2019-1010091 via tinymce (>=4.5.1 <=4.8.5)
tinymce NPM version =4.5.1, =1.0.0, =0.5.7, =0.1.1, =0.0.13, =1.3.0, =8.0.0, =0.8.8, =0.6.3, =1.2.0, =1.0.0-alpha.0, =1.1.0, =2.4.1, =4.0.0 and more Source cves: CVE-2019-1010091 Source advisory: OSV:GHSA-C78W-2GW7-GJV3...
XSS in TinyMCE
Impact: A cross-site scripting (XSS) vulnerability was discovered in: the core parser and media plugin. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs. This impacts all users who are using TinyMCE...
CVE-2013-4791
PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE...
Cross site scripting
PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE...
CVE-2013-4791
PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE...
CVE-2013-4791
CVE-2013-4791 affects PrestaShop versions before 1.4.11. Multiple connected sources (GHSA/OSV/CNVD/NVD/CVE lists) describe a stored XSS in TinyMCE exploitable by Logistician/low-privilege accounts. The vulnerability allows authenticated low-privilege users to inject persistent script via the Tiny...
CVE-2011-4906
Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution...
Unrestricted file upload
Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution...
CVE-2011-4906
CVE-2011-4906 concerns a vulnerability in the TinyMCE 3.0 editor integrated into Joomla! prior to 1.5.13. The connected documents confirm that an improper file upload mechanism could allow arbitrary PHP code execution via the TinyMCE-based upload path, enabling an attacker to execute code remotel...
CVE-2011-4906
Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution...
Cross-site Scripting (XSS)
tinymce is vulnerable to cross-site scripting (XSS). The attack exists because it does not prevent the attacker from injecting a malicious script into the editor via the clipboard or APIs, allowing the script to execute when a user loads the editor...
GHSA-27GM-GHR9-4V95 Cross-site scripting vulnerability in TinyMCE
Impact: A cross-site scripting (XSS) vulnerability was discovered in: the core parser, paste and visualchars plugins. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs. This impacts all users who are...
@angular-materials/ngx-admin (>=1.0.0 <=1.0.1), @aurocraft/builder (>=1.0.0 <=3.3.3) +292 more potentially affected by CVE-2020-17480 via tinymce (>=4.5.1 <=4.9.5)
tinymce NPM version =4.5.1, =1.0.0, =1.0.0, =1.0.0-alpha.39-baliz, =4.3.0, =0.5.0, =0.1.0, =0.0.4, =0.1.1, =0.0.13, =1.3.0, =1.0.0, =2.0.0-beta.1, =1.1.1, =1.1.3 and more Source cves: CVE-2020-17480 Source advisory: OSV:GHSA-27GM-GHR9-4V95...
3h1-ui (>=3.0.0-liingyun.1 <=3.0.0-next.258), @abt-desk/apm (>=0.0.1 <=0.33.12) +918 more potentially affected by CVE-2020-17480 via tinymce (>=5.0.11 <=5.1.0)
tinymce NPM version =5.0.11, =3.0.0-liingyun.1, =0.0.1, =0.1.0, =0.1.2, =0.3.7, =0.1.17, =0.1.0, =0.0.1, =0.2.0-0, =1.0.18-beta.8, =1.0.0, =1.2.3-beta.1, =0.1.1, =1.0.0, =8.7.0 and more Source cves: CVE-2020-17480 Source advisory: OSV:GHSA-27GM-GHR9-4V95...
Cross-Site Scripting (XSS)
tinymce is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a user's browser via the HTML comments and CDATA information...
8x8: (Critical) Remote Code Execution Through Old TinyMCE upload bypass
A third party marketing site utilized an outdated version of TinyMCE that was vulnerable to CVE-2011-4906...
CVE-2014-4548
CVE-2014-4548 : The Ruven Toolkit WordPress plugin (
CVE-2013-1426
Cross-site Scripting (XSS) in Mahara before 1.5.9 and 1.6.x before 1.6.4 allows remote attackers to inject arbitrary web script or HTML via the TinyMCE editor...
CVE-2013-1426
Cross-site Scripting (XSS) in Mahara before 1.5.9 and 1.6.x before 1.6.4 allows remote attackers to inject arbitrary web script or HTML via the TinyMCE editor...
Cross site scripting
Cross-site Scripting (XSS) in Mahara before 1.5.9 and 1.6.x before 1.6.4 allows remote attackers to inject arbitrary web script or HTML via the TinyMCE editor...