Lucene search
+L

914 matches found

vulnersosv
vulnersosv
added 2026/05/28 4:50 p.m.8 views

17fe-ui23 (>=0.0.0 <=0.0.24), @2kog/pkg-editor (>=0.0.1 <=0.1.3) +554 more potentially affected by CVE-2026-47760 via tinymce (>=6.8.1 <=7.0.1)

tinymce NPM version =6.8.1, =0.0.0, =0.0.1, =12.1.0, =4.1.0, =1.0.0-beta.1, =4.1.2-rc, =1.0.0, =0.1.0, =0.1.0, =0.1.1, =0.1.7 - @arkxos/arkos-example =0.1.0 and more Source cves: CVE-2026-47760 Source advisory: SNYK:JS-TINYMCE-17056157...

8.7CVSS5.7AI score0.00191EPSS
Exploits0
snyk
snyk
added 2026/05/28 4:50 p.m.11 views

Cross-site Scripting (XSS)

Overview TinyMCE is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper handling of SVG namespace scope by the sanitizer. An attacker can execute arbitrary JavaScript by crafting a payload with nested SVG...

8.7CVSS5.9AI score0.00191EPSS
Exploits0References2
snyk
snyk
added 2026/05/28 4:50 p.m.13 views

Cross-site Scripting (XSS)

Overview tinymce is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper handling of SVG namespace scope by the sanitizer. An attacker can execute arbitrary JavaScript by crafting a payload with nested SVG...

8.7CVSS5.9AI score0.00191EPSS
Exploits0References2
snyk
snyk
added 2026/05/28 4:50 p.m.9 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:tinymce is a WebJar for tinymce. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper handling of SVG namespace scope by the sanitizer. An attacker can execute arbitrary JavaScript by crafting a payload with nested SVG elements that...

8.7CVSS5.9AI score0.00191EPSS
Exploits0References2
vulnersosv
vulnersosv
added 2026/05/28 4:50 p.m.7 views

bsign-ui (>=0.0.3 <=0.0.5), gc-nimbus-ui (>=3.0.0 <=3.0.12) potentially affected by CVE-2026-47759 via tinymce (>=8.0.2 <=8.2.2)

tinymce NPM version =8.0.2, =0.0.3, =3.0.0, =3.0.12 Source cves: CVE-2026-47759 Source advisory: SNYK:JS-TINYMCE-17056166...

8.7CVSS5.4AI score0.00281EPSS
Exploits0
vulnersosv
vulnersosv
added 2026/05/28 4:50 p.m.7 views

@ifanrx/dashboard (>=0.1.1 <=1.3.0-alpha-20240730001), @ithinkdt/editor (>=3.4.11 <=3.5.0) +6 more potentially affected by CVE-2026-47759 via tinymce (>=7.0.1 <=7.5.1)

tinymce NPM version =7.0.1, =0.1.1, =3.4.11, =3.0.7, =3.0.0, =4.0.0, =0.2.10, =0.2.19 Source cves: CVE-2026-47759 Source advisory: SNYK:JS-TINYMCE-17056166...

8.7CVSS5.4AI score0.00281EPSS
Exploits0
snyk
snyk
added 2026/05/28 4:50 p.m.11 views

Cross-site Scripting (XSS)

Overview TinyMCE is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsanitized data-mce-href, data-mce-src, and data-mce-style attributes. An attacker can execute arbitrary scripts in the context of the user's...

8.7CVSS5.9AI score0.00281EPSS
Exploits0References2
snyk
snyk
added 2026/05/28 4:50 p.m.11 views

Cross-site Scripting (XSS)

Overview tinymce is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsanitized data-mce-href, data-mce-src, and data-mce-style attributes. An attacker can execute arbitrary scripts in the context of the user's...

8.7CVSS5.9AI score0.00281EPSS
Exploits0References2
snyk
snyk
added 2026/05/28 4:50 p.m.8 views

Cross-site Scripting (XSS)

Overview tinymce/tinymce is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsanitized data-mce-href, data-mce-src, and data-mce-style attributes. An attacker can execute arbitrary scripts in the context of the...

8.7CVSS5.8AI score0.00281EPSS
Exploits0References2
snyk
snyk
added 2026/05/28 4:50 p.m.8 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:tinymce is a WebJar for tinymce. Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsanitized data-mce-href, data-mce-src, and data-mce-style attributes. An attacker can execute arbitrary scripts in the context of the user's browser by...

8.7CVSS5.9AI score0.00281EPSS
Exploits0References2
vulnersosv
vulnersosv
added 2026/05/28 4:50 p.m.6 views

@ifanrx/dashboard (>=0.1.1 <=1.3.0-alpha-20240730001), @ithinkdt/editor (>=3.4.11 <=3.5.0) +6 more potentially affected by CVE-2026-47761 via tinymce (>=7.0.1 <=7.5.1)

tinymce NPM version =7.0.1, =0.1.1, =3.4.11, =3.0.7, =3.0.0, =4.0.0, =0.2.10, =0.2.19 Source cves: CVE-2026-47761 Source advisory: SNYK:JS-TINYMCE-17056137...

8.7CVSS5.4AI score0.00264EPSS
Exploits0
snyk
snyk
added 2026/05/28 4:50 p.m.11 views

Cross-site Scripting (XSS)

Overview TinyMCE is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the media plugin when handling crafted data-mce- attributes. An attacker can execute arbitrary scripts in the context of the user's browser by...

8.7CVSS5.9AI score0.00264EPSS
Exploits0References2
vulnersosv
vulnersosv
added 2026/05/28 4:50 p.m.6 views

bsign-ui (>=0.0.3 <=0.0.5), gc-nimbus-ui (>=3.0.0 <=3.0.12) potentially affected by CVE-2026-47761 via tinymce (>=8.0.2 <=8.2.2)

tinymce NPM version =8.0.2, =0.0.3, =3.0.0, =3.0.12 Source cves: CVE-2026-47761 Source advisory: SNYK:JS-TINYMCE-17056137...

8.7CVSS5.4AI score0.00264EPSS
Exploits0
snyk
snyk
added 2026/05/28 4:50 p.m.12 views

Cross-site Scripting (XSS)

Overview tinymce is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the media plugin when handling crafted data-mce- attributes. An attacker can execute arbitrary scripts in the context of the user's browser by...

8.7CVSS5.9AI score0.00264EPSS
Exploits0References2
snyk
snyk
added 2026/05/28 4:50 p.m.13 views

Cross-site Scripting (XSS)

Overview tinymce/tinymce is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the media plugin when handling crafted data-mce- attributes. An attacker can execute arbitrary scripts in the context of the user's...

8.7CVSS5.9AI score0.00264EPSS
Exploits0References2
snyk
snyk
added 2026/05/28 4:50 p.m.10 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:tinymce is a WebJar for tinymce. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the media plugin when handling crafted data-mce- attributes. An attacker can execute arbitrary scripts in the context of the user's browser by injecting...

8.7CVSS5.9AI score0.00264EPSS
Exploits0References2
vulnersosv
vulnersosv
added 2026/05/28 4:50 p.m.7 views

bsign-ui (>=0.0.3 <=0.0.5), gc-nimbus-ui (>=3.0.0 <=3.0.12) potentially affected by CVE-2026-47762 via tinymce (>=8.0.2 <=8.2.2)

tinymce NPM version =8.0.2, =0.0.3, =3.0.0, =3.0.12 Source cves: CVE-2026-47762 Source advisory: SNYK:JS-TINYMCE-17056141...

8.7CVSS5.4AI score0.00281EPSS
Exploits0
snyk
snyk
added 2026/05/28 4:50 p.m.13 views

Cross-site Scripting (XSS)

Overview TinyMCE is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the mce:protected comments. An attacker can execute arbitrary scripts in the context of affected users by injecting malicious content that...

8.7CVSS5.9AI score0.00281EPSS
Exploits0References2
vulnersosv
vulnersosv
added 2026/05/28 4:50 p.m.7 views

@ifanrx/dashboard (>=0.1.1 <=1.3.0-alpha-20240730001), @ithinkdt/editor (>=3.4.11 <=3.5.0) +6 more potentially affected by CVE-2026-47762 via tinymce (>=7.0.1 <=7.5.1)

tinymce NPM version =7.0.1, =0.1.1, =3.4.11, =3.0.7, =3.0.0, =4.0.0, =0.2.10, =0.2.19 Source cves: CVE-2026-47762 Source advisory: SNYK:JS-TINYMCE-17056141...

8.7CVSS5.4AI score0.00281EPSS
Exploits0
snyk
snyk
added 2026/05/28 4:50 p.m.10 views

Cross-site Scripting (XSS)

Overview tinymce is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the mce:protected comments. An attacker can execute arbitrary scripts in the context of affected users by injecting malicious content that...

8.7CVSS5.9AI score0.00281EPSS
Exploits0References2
Rows per page
Query Builder