Lucene search
K

5 matches found

OSV
OSV
added 2023/11/15 7:15 p.m.4 views

UBUNTU-CVE-2023-48219

TinyMCE is an open source rich text editor. A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text...

6.1CVSS5.6AI score0.00715EPSS
Exploits0References5
OSV
OSV
added 2023/11/15 6:32 p.m.8 views

GHSA-V626-R774-J7F8 TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes

Impact A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text nodes contain a special character...

6.1CVSS5.7AI score0.00715EPSS
Exploits0References7
FreeBSD
FreeBSD
added 2023/11/15 12:0 a.m.10 views

TinyMCE -- mXSS in multiple plugins

TinyMCE reports: Special characters in unescaped text nodes can trigger mXSS when using TinyMCE undo/redo, getContentAPI, resetContentAPI, and Autosave plugin...

6.1CVSS7AI score0.00715EPSS
Exploits0References2
OSV
OSV
added 2023/08/02 8:15 p.m.7 views

AZL-34907 CVE-2023-3978 affecting package kubevirt for versions less than 1.2.0-1

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack...

6.1CVSS6.7AI score0.00843EPSS
Exploits0References1
OSV
OSV
added 2023/08/02 8:15 p.m.6 views

AZL-34542 CVE-2023-3978 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-1

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack...

6.1CVSS6.7AI score0.00843EPSS
Exploits0References1
Rows per page
Query Builder