Regenerator 2000
Regenerator 2000 is an interactive disassembler for the CPU 6502, focused mostly on Commodore 8-bit computers. Features a TUI with modern features like x-ref, undo/redo, arrows, keyboard-driven, mcp server, VICE debugger and more! This is the coolest thing we have added to the archive today...
MiracleLinux 7 : python3-3.6.8-17.el7 (AXSA:2020-630:02)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-630:02 advisory. python: XSS vulnerability in the documentation XML-RPC server in server_title field (CVE-2019-16935); python: wrong backtracking in...
IACR Nullifies Election Because of Lost Decryption Key
The International Association of Cryptologic Research--the academic cryptography association that's been putting conferences like Crypto back when "crypto" meant "cryptography" and Eurocrypt since the 1980s--had to nullify an online election when trustee Moti Yung lost his decryption key. For thi...
EUVD-2023-2813
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-45818
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE's core undo and redo functionality. Whe...
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: CVE-2024-50336: Fixed insufficient MXC URI validation which could allow client-side path traversal bsc1234413 Other fixes: - Updated to Mozilla Thunderbird 128.5.2i bsc1234413: fixed: Large virtual folders could be very slow fixed:...
UBUNTU-CVE-2023-48219
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text...
Cross site scripting
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text...
CVE-2023-48219
Removed by vendor...
GHSA-V626-R774-J7F8 TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
Impact: A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text nodes contain a special character...
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
Impact: A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text nodes contain a special character...
Tiny Technologies TinyMCE Security Vulnerability
Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies, USA. A security vulnerability exists in Tiny Technologies TinyMCE, which stems from a mutated cross-site scripting (mXSS) vulnerability in the undo/redo function and other APIs and plugins. Affected products and versions: TinyM...
TinyMCE -- mXSS in multiple plugins
TinyMCE reports: Special characters in unescaped text nodes can trigger mXSS when using TinyMCE undo/redo, getContent API, resetContent API, and Autosave plugin...
Cross-site Scripting (XSS)
TinyMCE is vulnerable to Cross-site Scripting (XSS). The vulnerability occurs when an HTML snippet is restored from the undo stack. In this situation, a combination of string manipulation and reparative parsing by the browser's native DomParser API results in malicious mutations to the HTML. This, ...
CVE-2023-45818
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before...
Cross site scripting
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before...
UBUNTU-CVE-2023-45818
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before...
CVE-2023-45818
Concrete details confirm CVE-2023-45818 affects TinyMCE undo/redo logic, where HTML is mutated by a combination of string trimming and reparative parsing when restoring from the undo stack, enabling XSS. The issue also affects related APIs/plugins (tinymce.Editor.getContent({ format: 'raw' }), re...
CVE-2023-45818 Cross-site Scripting vulnerability in TinyMCE undo/redo, getContent API, resetContent API, and Autosave plugin
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before...
GHSA-V65R-P3VV-JJFV TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin
Impact: A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before being stored in the undo stack. If t...