Lucene search
K

52 matches found

CVE
CVE
added 2024/03/26 1:31 p.m.140 views

CVE-2024-29881

TinyMCE is affected by an XSS vulnerability (CVE-2024-29881) in its handling of external SVG content loaded via object/embed during content loading/insertion. The root cause is improper validation of user-supplied input via SVGs, allowing a payload to execute in the context of the hosting site. T...

6.1CVSS4.2AI score0.00722EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/26 1:31 p.m.19 views

CVE-2024-29881 TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements

TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an object or embed element and that image could potentially contain a XSS payload. This vulnerability is...

4.3CVSS5.1AI score0.00722EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/03/26 1:31 p.m.49 views

CVE-2024-29881 TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements

TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an object or embed element and that image could potentially contain a XSS payload. This vulnerability is...

4.3CVSS4.5AI score0.00722EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2024/03/26 1:31 p.m.21 views

CVE-2024-29881

Removed by vendor...

6.1CVSS5.1AI score0.00722EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/03/26 12:0 a.m.5 views

PT-2024-23105

Name of the Vulnerable Software and Affected Versions TinyMCE versions prior to 6.8.1 TinyMCE versions prior to 7.0.0 Description A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an object or embed...

6.1CVSS6.2AI score0.00722EPSS
Exploits0References18
SUSE CVE
SUSE CVE
added 2023/02/15 5:47 a.m.1 views

SUSE CVE-2012-1957

An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remot...

4.3CVSS8.2AI score0.02091EPSS
Exploits0References10
wpexploit
wpexploit
added 2022/06/21 12:0 a.m.107 views

Brizy Page Builder < 2.4.2 - Contributor+ Stored Cross-Site Scripting via Element Content

The plugin does not sanitise and escape some element content, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks As a contributor or above, create a post using Brizy editor and: - Add a Text Element then put the following payload:...

5.4CVSS0.00644EPSS
Exploits2References1
Github Security Blog
Github Security Blog
added 2018/11/21 10:19 p.m.25 views

Valine HTML Injection

An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...

6.1CVSS6.2AI score0.01228EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2018/11/15 6:29 a.m.17 views

Design/Logic Flaw

An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...

4.3CVSS6.2AI score0.01228EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/11/15 6:29 a.m.17 views

CVE-2018-19289

An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...

6.1CVSS6.3AI score0.01228EPSS
Exploits1References1
OSV
OSV
added 2018/11/15 6:29 a.m.15 views

CVE-2018-19289

An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...

6.1CVSS6.3AI score
Exploits0References1
Cvelist
Cvelist
added 2018/11/15 6:0 a.m.22 views

CVE-2018-19289

An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...

6.2AI score0.01228EPSS
Exploits1References1
CVE
CVE
added 2018/11/15 6:0 a.m.55 views

CVE-2018-19289

Valine v1.3.3 is affected by CVE-2018-19289: HTML injection can be triggered via an EMBED element in conjunction with a .pdf file, enabling JavaScript execution. Connected sources (GHSA/OSV) corroborate HTML injection in Valine and mention the embed policy bypass. No remediation/version patch det...

6.1CVSS6.2AI score0.01228EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/11/13 12:0 a.m.4 views

JEESNS Cross-Site Scripting Vulnerability

JEESNS is an enterprise-level open source social management system building platform based on Java and MySQL, which includes microblogging module, group module and article module. JEESNS 1.3 version of the com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java file cross-site scripting...

5.4CVSS5.3AI score0.00556EPSS
Exploits1References1
OSV
OSV
added 2018/11/11 4:29 p.m.3 views

CVE-2018-19178

In JEESNS 1.3, com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java allows stored XSS via an HTML EMBED element, a different vulnerability than CVE-2018-17886...

5.4CVSS5.8AI score0.00556EPSS
Exploits1References1
NVD
NVD
added 2013/03/28 12:18 p.m.15 views

CVE-2013-0926

Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site...

6.8CVSS6.2AI score0.0111EPSS
Exploits0References11
Prion
Prion
added 2013/03/28 12:18 p.m.29 views

Code injection

Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site...

6.8CVSS6.8AI score0.0111EPSS
Exploits0References11Affected Software1
Cvelist
Cvelist
added 2013/03/28 10:0 a.m.22 views

CVE-2013-0926

Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site...

6AI score0.0111EPSS
Exploits0References11
CVE
CVE
added 2013/03/28 10:0 a.m.67 views

CVE-2013-0926

CVE-2013-0926 affects Google Chrome prior to 26.0.1410.43. The issue arises when copying and pasting active content in an EMBED element, enabling a user‑assisted remote attacker to trigger an unspecified impact on a crafted site. The provided documents do not specify a confirmed impact or a patch...

6.8CVSS6.1AI score0.0111EPSS
Exploits0References11Affected Software1
Debian CVE
Debian CVE
added 2013/03/28 10:0 a.m.25 views

CVE-2013-0926

Removed by vendor...

6.8CVSS6.7AI score0.0111EPSS
Exploits0
Rows per page
Query Builder