2 matches found
GHSA-W9JX-4G6G-RP7X TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
Impact A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. Patches This vulnerability has been patched in TinyMCE 7.2.0,...
Arbitrary Code Execution
firefox is vulnerable to arbitrary code execution. A use-after-free flaw was found in the way Firefox appended frame and iframe elements to a DOM tree when the NoScript add-on was enabled. Malicious HTML content could cause Firefox to execute arbitrary code with the privileges of the user running...