12 matches found
PT-2025-51078
Name of the Vulnerable Software and Affected Versions Doubly – Cross Domain Copy Paste for WordPress plugin versions up to and including 1.0.46 Description The Doubly – Cross Domain Copy Paste for WordPress plugin is susceptible to PHP Object Injection. This occurs through the deserialization of...
Linux Distros Unpatched Vulnerability : CVE-2020-17480
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert...
Malicious code in freerte-paste-plugin (npm)
The package freerte-paste-plugin was found to contain malicious code...
MAL-2025-20954 Malicious code in freerte-paste-plugin (npm)
The package freerte-paste-plugin was found to contain malicious code...
Cross-site scripting in TinyMCE
Overview tinymce before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor. Recommendation Upgrade to versions 4.9.7, 5.1.4 or later References - CVE - GitHub Advisory...
GHSA-P7J5-4MWM-HV86 Duplicate Advisory: Cross-site scripting in TinyMCE
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-27gm-ghr9-4v95. This link is maintained to preserve external references. Original Description TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin...
CVE-2020-17480
TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor...
CVE-2020-17480
TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor...
UBUNTU-CVE-2020-17480
TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor...
Cross site scripting
TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor...
CVE-2020-17480
Removed by vendor...
CVE-2020-17480
The CVE-2020-17480 issue affects TinyMCE prior to 4.9.7 and 5.x prior to 5.1.4, where cross-site scripting can be triggered by inserting content via clipboard or editor APIs in the core parser, paste plugin, and visualchars plugin. The vulnerability arises from improper input validation and can b...