Lucene search
K

4 matches found

OSV
OSV
added 2024/06/19 8:15 p.m.1 views

UBUNTU-CVE-2024-38356

TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditableregexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from t...

6.1CVSS7.1AI score0.00529EPSS
Exploits0References8
Snyk
Snyk
added 2024/06/19 3:7 p.m.1 views

Cross-site Scripting (XSS)

Overview TinyMCE is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS when using the noneditableregexp option on an element whose content does not match the regex. An attacker can inject malicious scripts into HTML...

6.1CVSS5.3AI score0.00529EPSS
Exploits0References2
OSV
OSV
added 2024/06/19 3:7 p.m.4 views

GHSA-9HCV-J9PV-QMPH TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option

Impact A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditableregexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from the editor. Patches This vulnerability...

6.1CVSS5.8AI score0.00529EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2024/06/19 3:7 p.m.68 views

TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option

Impact A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditableregexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from the editor. Patches This vulnerability...

6.1CVSS6.7AI score0.00529EPSS
Exploits0References9Affected Software3
Rows per page
Query Builder