3 matches found
Cross-site Scripting (XSS)
Overview TinyMCE is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via iframe elements inserted into the editor. Attacks are limited by same-origin browser protections, but downloading files is still possible...
GHSA-2Q4G-W47C-4674 Unpreventable top-level navigation
Impact The will-navigate event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. Patches 11.0.0-beta.1 10.0.1 9.3.0 8.5.1 Workarounds Sandbox all your iframes using the...
The vulnerability of the Internet Explorer browser, which allows a violator to rename files
The vulnerability of the Internet Explorer browser is related to the loading of various files in an attempt to open file:// URLs, depending on the existence of those files. Exploiting this vulnerability allows a malicious actor to number files using vectors that contain file:// URLs and HTML5...