CVE-2023-48728

A cross-site scripting xss vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...

CVE-2023-48728

A cross-site scripting xss vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...

WWBN AVideo navbarMenuAndLogo.php user name cross-site scripting (XSS) vulnerability

Talos Vulnerability Report TALOS-2023-1882 WWBN AVideo navbarMenuAndLogo.php user name cross-site scripting XSS vulnerability January 10, 2024 CVE Number CVE-2023-48730 SUMMARY A cross-site scripting xss vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev...

Stored Cross Site Scripting (XSS)

class.upload.php is vulnerable to Stored Cross Site Scripting. The vulnerability is due to improper validation on uploaded files. This issue can be exploited by an attacker via uploading malicious files leading to the execution of arbitrary JavaScript...

Cross-site Scripting (XSS)

tinymce is vulnerable to Cross-Site Scripting. The vulnerability is due to a lack of proper sanitization for iframe, object and embed URL attributes within the TinyMCE's core parser. This allows an attacker to insert a specially crafted piece of content into the editor using the clipboard or APIs...

GHSA-GJHC-6XM7-MC8Q Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5h9g-x5rv-25wg. This link is maintained to preserve external references. Original Description TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and...

CVE-2024-21911

TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser...

CVE-2024-21908

TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser...

CVE-2024-21908

TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser...

UBUNTU-CVE-2024-21908

TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser...

CVE-2024-21910 Cross-site scripting vulnerability in TinyMCE plugins

TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser...

CVE-2024-21908 Cross-site scripting vulnerability in TinyMCE

TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser...

CVE-2024-21908

Removed by vendor...

Tiny Technologies TinyMCE Cross-Site Scripting Vulnerability

Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies, USA. A cross-site scripting vulnerability exists in Tiny Technologies TinyMCE prior to version 5.6.0, which originated from a vulnerability that could allow a remote attacker to insert crafted HTML into the editor, resulting ...

PT-2024-18: Stored Cross-Site Scripting (Stored XSS) in Moodle

The vulnerability was identified in Moodle versions 4.0 - 4.3.3, 4.2 - 4.2.6, 4.1 - 4.1.9 and older unsupported versions. Insufficient escaping of participants' names in the page table leads to Stored XSS attack when interacting with some features. Discovered vulnerability allows an attacker to...

PT-2024-17: Stored Cross-Site Scripting (Stored XSS) in Moodle

The vulnerability was identified in Moodle versions 4.0 - 4.3.3, 4.2 - 4.2.6, 4.1 - 4.1.9 and older unsupported versions. Insufficient sanitization while opening the equation editor leads to Stored XSS attack when editing another user's equation. Discovered vulnerability allows an attacker to...

CVE-2023-47882

The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.920231127 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component...

CVE-2023-47883

The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity...

CVE-2023-47883

The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity...

CVE-2023-47882

The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.920231127 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component...