15 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-1010091
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The...
GHSA-9HFW-CVF4-5X25 wangEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function
There is a cross-site scripting XSS issue in wangEditor via the image upload function in version 4.7.11. This issue has been fixed in version 4.7.12...
CVE-2022-25037
An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and v.5 was discovered to contain a cross-site scripting XSS vulnerability via the image upload function...
PT-2024-11531 · Waneditor · Waneditor
Name of the Vulnerable Software and Affected Versions: wanEditor version 4.7.11 Description: The issue is related to a cross-site scripting XSS vulnerability via the image upload function. This vulnerability allows for malicious scripts to be injected into the application, potentially leading to...
wangEditor Security Vulnerability
wangEditor is an open source Web rich text editor from wangEditor Inc. A security vulnerability exists in wangEditor version 4.7.11, which stems from vulnerability to cross-site scripting XSS attacks...
PT-2024-11532 · Waneditor · Waneditor
Name of the Vulnerable Software and Affected Versions: wanEditor version 4.7.11 Description: The issue is related to a cross-site scripting XSS vulnerability. This vulnerability was discovered in the video upload function, allowing potential exploitation. Recommendations: For wanEditor version...
Moderate: Red Hat Bug Fix Advisory: OpenShift Container Platform 4.7.11 bug fix update
Red Hat OpenShift Container Platform release 4.7.11 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud...
Red Hat OpenShift Input Validation Error Vulnerability
Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat, Inc. that supports building, testing, deploying and running applications. An input validation error vulnerability exists in multiple Red Hat products. The vulnerability stems from a networked system or produc...
CVE-2020-21564
CVE-2020-21564 concerns Pluck CMS versions 4.7.10-dev2 and 4.7.11, where a file upload vulnerability can lead to remote command execution via the endpoint admin.php?action=files. The sources provided describe the vulnerability but do not specify additional technical details, exploit status, affec...
TinyMCE XSS vulnerability on version 4.7.11
h4. Description It seems that Confluence bundles a version of TinyMCE within the editor that has an XSS vulnerability. Confluence version 7.4.1 uses version 0.4.34 of the confluence-editor plugin that includes 4.7.11 of TinyMCE as a dependency Confluence version 7.6.2 uses version 0.4.41 of the...
Regular Expression Denial of Service (ReDoS) in lodash
lodash prior to 4.7.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is:...
tinymce Media element component cross-site scripting vulnerability
tinymce is a JavaScript library for rich text editing . A cross-site scripting vulnerability exists in the Media element component in tinymce version 4.7.11, 4.7.12. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit the...
CVE-2019-1010091
tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab...
CVE-2019-1010091
CVE-2019-1010091 affects TinyMCE 4.7.11/4.7.12 (Media element). The root cause is improper input neutralization (CWE-79) in the media element, enabling JavaScript execution when a user pastes malicious content into the media element embed tab. Impact is client-side code execution with low attack ...
WordPress Plainview Activity Monitor Plugin OS Command Injection Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . Plainview Activity Monitor plugin is used in one of the website user activity monitoring plugin . An operating syst...