3 matches found
Security Bulletin: There is a vulnerability in tinymce-6.3.1.min.js used by IBM Maximo Asset Management application (CVE-2023-45819 and CVE-2023-45818)
Summary There is a vulnerability in tinymce-6.3.1.min.js used by IBM Maximo Asset Management application. Vulnerability Details CVEID:CVE-2023-45819 DESCRIPTION: TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Notification Manager API. A...
CVE-2023-45819
CVE-2023-45819 is a cross-site scripting vulnerability in TinyMCE’s Notification Manager API. An attacker could trigger arbitrary JavaScript execution by injecting unfiltered HTML into a notification text displayed in the TinyMCE UI for the current user, requiring crafted content and a notificati...
@arkxio/ark-ui (>=0.1.0 <=0.1.18), @arkxio/ark-ui-src (=0.1.0) +34 more potentially affected by CVE-2023-45819 via tinymce (>=6.0.0 <=6.6.2)
tinymce NPM version =6.0.0, =0.1.0, =0.1.19, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.2 and more Source cves: CVE-2023-45819 Source advisory: OSV:GHSA-HGQX-R2HP-JR38...