52 matches found
CVE-2024-29881
TinyMCE is affected by an XSS vulnerability (CVE-2024-29881) in its handling of external SVG content loaded via object/embed during content loading/insertion. The root cause is improper validation of user-supplied input via SVGs, allowing a payload to execute in the context of the hosting site. T...
CVE-2024-29881 TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements
TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an object or embed element and that image could potentially contain a XSS payload. This vulnerability is...
CVE-2024-29881 TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements
TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an object or embed element and that image could potentially contain a XSS payload. This vulnerability is...
CVE-2024-29881
Removed by vendor...
PT-2024-23105
Name of the Vulnerable Software and Affected Versions TinyMCE versions prior to 6.8.1 TinyMCE versions prior to 7.0.0 Description A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an object or embed...
SUSE CVE-2012-1957
An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remot...
Brizy Page Builder < 2.4.2 - Contributor+ Stored Cross-Site Scripting via Element Content
The plugin does not sanitise and escape some element content, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks As a contributor or above, create a post using Brizy editor and: - Add a Text Element then put the following payload:...
Valine HTML Injection
An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...
Design/Logic Flaw
An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...
CVE-2018-19289
An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...
CVE-2018-19289
An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...
CVE-2018-19289
An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...
CVE-2018-19289
Valine v1.3.3 is affected by CVE-2018-19289: HTML injection can be triggered via an EMBED element in conjunction with a .pdf file, enabling JavaScript execution. Connected sources (GHSA/OSV) corroborate HTML injection in Valine and mention the embed policy bypass. No remediation/version patch det...
JEESNS Cross-Site Scripting Vulnerability
JEESNS is an enterprise-level open source social management system building platform based on Java and MySQL, which includes microblogging module, group module and article module. JEESNS 1.3 version of the com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java file cross-site scripting...
CVE-2018-19178
In JEESNS 1.3, com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java allows stored XSS via an HTML EMBED element, a different vulnerability than CVE-2018-17886...
CVE-2013-0926
Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site...
Code injection
Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site...
CVE-2013-0926
Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site...
CVE-2013-0926
CVE-2013-0926 affects Google Chrome prior to 26.0.1410.43. The issue arises when copying and pasting active content in an EMBED element, enabling a user‑assisted remote attacker to trigger an unspecified impact on a crafted site. The provided documents do not specify a confirmed impact or a patch...
CVE-2013-0926
Removed by vendor...