2 matches found
PT-2026-6845
If an attacker has the ability control configuration options passed to sceditor.create, like emoticons, charset, etc. then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration options. Proof of concept: js sceditor.createtextarea, emoticons: dropdown: ':':...
PT-2026-6797
Name of the Vulnerable Software and Affected Versions SCEditor versions prior to 3.2.1 Description SCEditor is a lightweight WYSIWYG BBCode and XHTML editor. A lack of sanitisation of configuration options passed to the sceditor.create function allows an attacker who can control these options—suc...