25 matches found
CVE-2012-4230
CVE-2012-4230 affects the TinyMCE 3.5.8 bbcode plugin, where the plugin does not properly enforce the security policy for two directives: (1) encoding and (2) valid_elements. This misconfiguration allows attackers to perform cross-site scripting (XSS) via application-specific vectors, demonstrate...
TinyMCE 3.5.8 Cross Site Scripting
Vulnerability Report Author: Justin C. Klein Keane Date: 5 March, 2013 CVE-2012-4230 Description of Vulnerability: ----------------------------- "TinyMCE in itself can not be insecure" http://www.tinymce.com/wiki.php/Security "TinyMCE is a platform independent web based Javascript HTML WYSIWYG...
CVE-2005-1448
Cross-site scripting XSS vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
CVE-2005-1448
Cross-site scripting XSS vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
Serendipity BBCode Plugin XSS
According to its banner, the version of Serendipity installed on the remote host does not properly filter user-supplied input for selected fields if the BBCode plugin is enabled - it is not by default. By exploiting this flaw, an attacker can cause arbitrary HTML and script code to be executed by...