19 matches found
EUVD-2026-32922
TinyMCE Cross-Site Scripting XSS vulnerability using media plugin data-mce-object injection...
GHSA-Q742-QVGC-GC2F TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes
Impact Stored XSS vulnerability via unsanitized data-mce- attributes data-mce-href, data-mce-src, data-mce-style. Allows attackers to inject malicious values that override safe attributes during serialization, bypassing validation. Patches Patched by stripping unsafe data-mce- attributes during...
TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes
Impact Stored XSS vulnerability via unsanitized data-mce- attributes data-mce-href, data-mce-src, data-mce-style. Allows attackers to inject malicious values that override safe attributes during serialization, bypassing validation. Patches Patched by stripping unsafe data-mce- attributes during...
EUVD-2026-32921
TinyMCE Cross-Site Scripting XSS vulnerability using through data-mce- prefixed src, href, style attributes...
Stored Cross-Site Scripting (XSS)
TinyMCE is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of crafted data-mce- attributes in the media plugin, which allows an attacker to inject malicious scripts into stored content that are executed when the content is rendered...
Stored Cross-Site Scripting
TinyMCE is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to insufficient sanitization of data-mce- attributes such as data-mce-href, data-mce-src, and data-mce-style, allowing attackers to inject malicious values that override validated attributes during content...
Linux Distros Unpatched Vulnerability : CVE-2026-47759
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce- attributes...
Cross-site Scripting (XSS)
Overview tinymce is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the media plugin when handling crafted data-mce- attributes. An attacker can execute arbitrary scripts in the context of the user's browser by...
Cross-site Scripting (XSS)
Overview TinyMCE is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the media plugin when handling crafted data-mce- attributes. An attacker can execute arbitrary scripts in the context of the user's browser by...
Cross-site Scripting (XSS)
Overview org.webjars.npm:tinymce is a WebJar for tinymce. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the media plugin when handling crafted data-mce- attributes. An attacker can execute arbitrary scripts in the context of the user's browser by injecting...
Cross-site Scripting (XSS)
Overview tinymce/tinymce is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the media plugin when handling crafted data-mce- attributes. An attacker can execute arbitrary scripts in the context of the user's...
CVE-2026-47761
TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted data-mce- attributes, which are executed when content is rendered. Impacts users of TinyMCE with the media...
UBUNTU-CVE-2026-47759
TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce- attributes data-mce-href, data-mce-src, data-mce-style. Allows attackers to inject malicious values that override safe attributes during serialization,...
CVE-2026-47761 TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection
TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted data-mce- attributes, which are executed when content is rendered. Impacts users of TinyMCE with the media...
CVE-2026-47761
TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted data-mce- attributes, which are executed when content is rendered. Impacts users of TinyMCE with the media...
CVE-2026-47761 TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection
TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted data-mce- attributes, which are executed when content is rendered. Impacts users of TinyMCE with the media...
CVE-2026-47761
Summary: CVE-2026-47761 is a stored XSS vulnerability in TinyMCE’s media plugin, triggered by crafted data-mce-* attributes during content rendering. Affected software: TinyMCE (open source rich text editor); affected version range prior to 5.11.1, 7.9.3, and 8.5.1. Root cause/Vector: Media plugi...
CVE-2026-47759
TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce- attributes data-mce-href, data-mce-src, data-mce-style. Allows attackers to inject malicious values that override safe attributes during serialization,...
CVE-2026-47759 TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes
TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce- attributes data-mce-href, data-mce-src, data-mce-style. Allows attackers to inject malicious values that override safe attributes during serialization,...