CVE-2024-21908

TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser...

CVE-2024-21908

TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser...

UBUNTU-CVE-2024-21908

TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser...

CVE-2024-21910 Cross-site scripting vulnerability in TinyMCE plugins

TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser...

CVE-2024-21908 Cross-site scripting vulnerability in TinyMCE

TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser...

CVE-2024-21908

Removed by vendor...

Tiny Technologies TinyMCE Cross-Site Scripting Vulnerability

Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies, USA. A cross-site scripting vulnerability exists in Tiny Technologies TinyMCE prior to version 5.6.0, which originated from a vulnerability that could allow a remote attacker to insert crafted HTML into the editor, resulting ...

PT-2024-18: Stored Cross-Site Scripting (Stored XSS) in Moodle

The vulnerability was identified in Moodle versions 4.0 - 4.3.3, 4.2 - 4.2.6, 4.1 - 4.1.9 and older unsupported versions. Insufficient escaping of participants' names in the page table leads to Stored XSS attack when interacting with some features. Discovered vulnerability allows an attacker to...

PT-2024-17: Stored Cross-Site Scripting (Stored XSS) in Moodle

The vulnerability was identified in Moodle versions 4.0 - 4.3.3, 4.2 - 4.2.6, 4.1 - 4.1.9 and older unsupported versions. Insufficient sanitization while opening the equation editor leads to Stored XSS attack when editing another user's equation. Discovered vulnerability allows an attacker to...

CVE-2023-47883

The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity...

CVE-2023-47882

The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.920231127 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component...

CVE-2023-47883

The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity...

CVE-2023-47882

The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.920231127 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component...

CVE-2023-47883

The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity...

PT-2023-30655 · Unknown · Com.Yunyi.Smartcamera

Name of the Vulnerable Software and Affected Versions: com.yunyi.smartcamera application through 4.1.9 20231127 for Android Description: The issue allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component...

PT-2023-30656 · Unknown · Com.Altamirano.Fabricio.Tvbrowser

Name of the Vulnerable Software and Affected Versions: com.altamirano.fabricio.tvbrowser TV browser application versions through 4.5.1 for Android Description: The issue allows for JavaScript code execution via an explicit intent due to an exposed MainActivity. This could potentially lead to...

PT-2023-28839

Name of the Vulnerable Software and Affected Versions Shenzhen TCL Browser TV Web BrowseHere aka com.tcl.browser version 6.65.022 dab24cc6 231221 gp Description The issue allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivit...

vlady-mix TV Browser Security Vulnerability

vlady-mix TV Browser is a web browser for Android TV from vlady-mix. A security vulnerability exists in vlady-mix TV Browser version 4.5.1 and earlier, which stems from an exposed MainActivity and can be exploited by an attacker to execute JavaScript code...

Engelsystem Cross-Site Scripting Vulnerability

Engelsystem is an open source shift planning system from Engelsystem. A cross-site scripting vulnerability exists in versions prior to Englesystem v3.4.1 that stems from insufficient validation of user-supplied data, allowing injection and execution of Javascript code in another user's environmen...

CVE-2023-6769 Stored XSS vulnerability in Amazing Little Poll

Stored XSS vulnerability in Amazing Little Poll, affecting versions 1.3 and 1.4. This vulnerability allows a remote attacker to store a malicious JavaScript payload in the "lpadmin.php" file in the "question" and "item" parameters. This vulnerability could lead to malicious JavaScript execution...