5 matches found
EUVD-2023-2747
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
Overview TinyMCE is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Notification Manager API due to improper input sanitization. An attacker can execute arbitrary JavaScript when a notification is presented i...
CVE-2023-45819 Cross-site Scripting vulnerability in TinyMCE notificationManager.open API
TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit requires carefully craft...
CVE-2023-45819
Removed by vendor...
PT-2023-29708 · Tinymce · Tinymce
Name of the Vulnerable Software and Affected Versions: TinyMCE versions prior to 5.10.8 TinyMCE versions prior to 6.7.1 Description: A cross-site scripting XSS vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system,...