CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Snyk•added 2026/05/28 4:50 p.m.•7 views

Cross-site Scripting (XSS)

Overview tinymce is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the mce:protected comments. An attacker can execute arbitrary scripts in the context of affected users by injecting malicious content that...

8.7CVSS5.9AI score0.00032EPSS

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2013-1464

Malware in sbrugna...

6.1CVSS6.3AI score0.00414EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-3294

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.0042EPSS

Exploits1References3

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2022-2159

Malicious code in bioql PyPI...

4.8CVSS5.5AI score0.00092EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2021-33935

Malicious code in bioql PyPI...

4.8CVSS5.4AI score0.00235EPSS

Tenable Nessus•added 2025/08/21 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2023-45819

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE's Notification Manager API. The vulnerability...

6.1CVSS6.1AI score0.02191EPSS

RedhatCVE•added 2025/05/23 4:38 a.m.•2 views

CVE-2023-44470

Cross-Site Request Forgery CSRF vulnerability in Kvvaradha Kv TinyMCE Editor Add Fonts plugin = 1.1 versions...

8.8CVSS7.1AI score0.00106EPSS

RedhatCVE•added 2025/05/23 4:32 a.m.•3 views

CVE-2023-38506

Joplin is a free, open source note taking and to-do application. A Cross-site Scripting XSS vulnerability allows pasting untrusted data into the rich text editor to execute arbitrary code. HTML pasted into the rich text editor is not sanitized or not sanitized properly. As such, the onload...

8.2CVSS6.2AI score0.00468EPSS

RedhatCVE•added 2025/05/22 4:43 p.m.•6 views

CVE-2020-5809

A stored XSS vulnerability exists in Umbraco CMS = 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, as TinyMCE is configured to allow iframes by default in Umbraco CMS...

5.4CVSS5.8AI score0.0042EPSS

RedhatCVE•added 2025/05/22 10:38 a.m.•7 views

CVE-2019-7866

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to edit Product information via the TinyMCE editor...

4.8CVSS5.5AI score0.00092EPSS

Exploits0References1

Packet Storm•added 2024/09/26 12:0 a.m.•319 views

PHP SPM 1.0 WYSIWYG Code Injection

============================================================================================================================================= | Title : php spm 1.0 WYSIWYG code injection vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64...

7.4AI score

Packet Storm•added 2024/09/26 12:0 a.m.•224 views

PHP ACRSS 1.0 WYSIWYG Code Injection

============================================================================================================================================= | Title : php acrss 1.0 WYSIWYG code injection vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64...

7.4AI score

Packet Storm•added 2024/09/24 12:0 a.m.•193 views

Lost And Found Information System 1.0 WYSIWYG Code Injection

============================================================================================================================================= | Title : Lost and Found Information System 1.0 WYSIWYG code injection vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...

7.4AI score

NVD•added 2024/06/21 8:15 p.m.•29 views

CVE-2023-38506

8.2CVSS0.00468EPSS

Cvelist•added 2024/06/21 7:43 p.m.•14 views

CVE-2023-38506 Cross-site Scripting (XSS) when pasting HTML into the rich text editor in Joplin

8.2CVSS0.00468EPSS

CNNVD•added 2024/06/19 12:0 a.m.•2 views

Tiny Technologies TinyMCE Security Vulnerability

Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies, USA. A security vulnerability exists in Tiny Technologies TinyMCE that stems from the presence of a cross-site scripting XSS vulnerability that allows execution of malicious code when loading content into the editor...

6.1CVSS6.1AI score0.01148EPSS

Exploits0References8

CNNVD•added 2024/03/26 12:0 a.m.•3 views

Tiny Technologies TinyMCE 安全漏洞

Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies. A security vulnerability exists in TinyMCE versions prior to 7.0.0, which stems from a cross-site scripting XSS vulnerability in the content loading and content inserting code...

6.1CVSS5.4AI score0.05137EPSS

Exploits0References6

Snyk•added 2023/11/15 7:54 p.m.•1 views

Cross-site Scripting (XSS)

Overview TinyMCE is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via mutation of inner HTML. An attacker can inject malicious scripts that pass the initial sanitization layer when the content is parsed into the...

6.1CVSS5.3AI score0.02076EPSS