11 matches found
CVE-2023-45818
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before...
Stored Cross Site Scripting (XSS)
apachesuperset is vulnerable to Stored Cross Site Scripting (XSS). An authenticated attacker with create or update permissions on charts or dashboards could store a malicious script or add a specific HTML snippet, resulting in Stored Cross Site Scripting (XSS)...
Cross-site Scripting (XSS)
TinyMCE is vulnerable to Cross-site Scripting (XSS). The vulnerability occurs when an HTML snippet is restored from the undo stack. In this situation, a combination of string manipulation and reparative parsing by the browser's native DOMParser API results in malicious mutations to the HTML. This, ...
CVE-2023-45818 Cross-site Scripting vulnerability in TinyMCE undo/redo, getContent API, resetContent API, and Autosave plugin
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before...
TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin
Impact: A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before being stored in the undo stack. If t...
WordPress Plugin Insert Html Snippet Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports setting up a personal blog site on a PHP and MySQL server. A cross-site request forgery vulnerability exists in the WordPress plugin Insert Html Snippet version 1.2. The...
Insert Html Snippet <= 1.2 - Cross-Site Request Forgery (CSRF)
The Insert Html Snippet WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability...
WordPress Insert Html Snippet 1.2 Cross Site Request Forgery
Cross-Site Request Forgery in Insert Html Snippet WordPress Plugin. Yorick Koster, July 2016...
WordPress Insert Html Snippet 1.2 Cross Site Request Forgery Vulnerability
WordPress Insert Html Snippet plugin version 1.2 suffers from a cross site request forgery vulnerability. Cross-Site Request Forgery in Insert Html Snippet WordPress Plugin...
Critical: Red Hat Security Advisory: Red Hat JBoss BPM Suite 6.2.0 update
Red Hat JBoss BPM Suite 6.2.0, which fixes three security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores...
APPLE-SA-2013-06-04-2 Safari 6.0.5
Safari 6.0.5 is now available and addresses the following: WebKit. Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.3. Impact: Visiting a maliciously crafted website may lead to an...