Lucene search
+L

914 matches found

OSV
OSV
added 2026/05/28 3:20 p.m.4 views

CVE-2026-47759 TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce- attributes data-mce-href, data-mce-src, data-mce-style. Allows attackers to inject malicious values that override safe attributes during serialization,...

8.7CVSS5.9AI score0.00281EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/28 3:18 p.m.34 views

CVE-2026-47760 TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs

TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. This...

8.7CVSS0.00191EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 3:18 p.m.12 views

CVE-2026-47760 TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs

TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. This...

8.7CVSS6AI score0.00191EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:18 p.m.12 views

CVE-2026-47760

TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. This...

8.7CVSS6AI score0.00191EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/28 3:18 p.m.36 views

CVE-2026-47760

CVE-2026-47760 affects TinyMCE before 7.1.0, where an XSS flaw arises from improper SVG namespace scope handling in the sanitizer. The issue allows a crafted payload using nested SVG elements to bypass attribute sanitization and execute arbitrary JavaScript. Affected versions are 6.8.0 up to, but...

8.7CVSS6AI score0.00191EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/05/28 3:18 p.m.5 views

CVE-2026-47760 TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs

TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. This...

8.7CVSS6.1AI score0.00191EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

TinyMCE 跨站脚本漏洞

TinyMCE is an open-source rich text editor developed by Tiny Technologies in the United States. Versions of TinyMCE prior to 5.11.1, 7.9.3, and 8.5.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from a storage-type XSS vulnerability in the media plugin. Attackers cou...

8.7CVSS5.7AI score0.00264EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

Tiny Technologies TinyMCE 跨站脚本漏洞

TinyMCE is a rich text editor developed by Tiny Technologies in the United States. Versions of TinyMCE prior to 5.11.1, 7.9.3, and 8.5.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from forged mce:protected annotations, which could lead to storage-type XSS attacks...

8.7CVSS5.6AI score0.00281EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.24 views

PT-2026-44388

Name of the Vulnerable Software and Affected Versions TinyMCE versions prior to 5.11.1 TinyMCE versions prior to 7.9.3 TinyMCE versions prior to 8.5.1 Description A stored Cross-Site Scripting XSS issue exists due to unsanitized data-mce- attributes, specifically data-mce-href, data-mce-src, and...

8.7CVSS5.4AI score0.00281EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.14 views

PT-2026-44390

Name of the Vulnerable Software and Affected Versions TinyMCE versions prior to 5.11.1 TinyMCE versions prior to 7.9.3 TinyMCE versions prior to 8.5.1 Description A stored Cross-Site Scripting XSS issue exists in the media plugin. Attackers can inject malicious scripts using specially crafted...

8.7CVSS6AI score0.00264EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.24 views

PT-2026-44389

Name of the Vulnerable Software and Affected Versions TinyMCE versions 6.8.0 through 7.0.x Description An XSS Cross-Site Scripting issue exists due to improper SVG namespace scope handling within the sanitizer. An attacker can use a crafted payload with nested elements to bypass attribute...

8.7CVSS6AI score0.00191EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 10:31 a.m.11 views

Malicious code in opentiny-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70307cffed06951bdb7b961e7846e3b3e0ba660b75ddca0b4fa11366ab94dc6d The package opentiny-react reproduces the source, README, and CHANGELOG of the legitimate @tinymce/tinymce-react integration verbatim under a...

6AI score
Exploits0References1
OSV
OSV
added 2026/05/25 10:31 a.m.9 views

MAL-2026-4631 Malicious code in opentiny-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70307cffed06951bdb7b961e7846e3b3e0ba660b75ddca0b4fa11366ab94dc6d The package opentiny-react reproduces the source, README, and CHANGELOG of the legitimate @tinymce/tinymce-react integration verbatim under a...

6AI score
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/16 6:51 p.m.248 views

Exploit for CVE-2026-38526

CVE-2026-38526 | Krayin CRM v2.2.x Authenticated RCE - Unrestr...

9.9CVSS6.5AI score0.02759EPSS
Exploits11
EUVD
EUVD
added 2026/04/14 6:30 p.m.8 views

EUVD-2026-22296

An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file...

9.9CVSS6.2AI score0.02759EPSS
Exploits11References4
NVD
NVD
added 2026/04/14 4:16 p.m.30 views

CVE-2026-38526

An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file...

9.9CVSS0.02759EPSS
Exploits11References3
Snyk
Snyk
added 2026/04/14 4:14 p.m.15 views

Arbitrary Code Injection

Overview krayin/laravel-crm is a hand tailored CRM framework built on some of the hottest opensource technologies such as Laravel a PHP framework and Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to Arbitrary Code Injection via the /admin/tinymce/uplo...

9.9CVSS6.7AI score0.02759EPSS
Exploits11References2
Vulnrichment
Vulnrichment
added 2026/04/14 12:0 a.m.4 views

CVE-2026-38526

An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file...

9.9CVSS6.2AI score0.02759EPSS
Exploits11References2
CVE
CVE
added 2026/04/14 12:0 a.m.27 views

CVE-2026-38526

Webkul Krayin CRM v2.2.x is affected by an authenticated arbitrary file upload vulnerability at the /admin/tinymce/upload endpoint, allowing upload of a crafted PHP file to execute code on the server. The issue, described across CVE/NVD/CVEList entries, requires authentication and yields likely r...

9.9CVSS6.2AI score0.02759EPSS
Exploits11References3
Cvelist
Cvelist
added 2026/04/14 12:0 a.m.42 views

CVE-2026-38526

An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file...

9.9CVSS0.02759EPSS
Exploits11References2
Rows per page
Query Builder