
13 matches found

ATTACKERKB
added 6 days ago, 8 views

CVE-2026-47762

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and inject scripts that execute when content is restored. Impacts users who utilize the protect option. Thi...

8.7 CVSS, 5.9 AI score, 0.00032 EPSS
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 6 days ago, 23 views

CVE-2026-47759 TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce- attributes data-mce-href, data-mce-src, data-mce-style. Allows attackers to inject malicious values that override safe attributes during serialization,...

8.7 CVSS, 0.00032 EPSS
Exploits: 0, References: 3

Positive Technologies
added 6 days ago, 6 views

PT-2026-44391

Name of the Vulnerable Software and Affected Versions: TinyMCE versions prior to 5.11.1; TinyMCE versions prior to 7.9.3; TinyMCE versions prior to 8.5.1. Description: A stored Cross-Site Scripting (XSS) issue exists via forged mce:protected comments. This allows attackers to bypass sanitization and...

8.7 CVSS, 5.9 AI score, 0.00032 EPSS
Exploits: 0, References: 5

RedhatCVE
added 2025/12/10 3:13 p.m., 2 views

CVE-2025-62871

Cross-Site Request Forgery (CSRF) vulnerability in Alex Prokopenko / JustCoded Just TinyMCE Custom Styles just-tinymce-styles allows Cross Site Request Forgery. This issue affects Just TinyMCE Custom Styles: from n/a through = 1.2.1...

4.3 CVSS, 6.9 AI score, 0.00015 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/10/16 6:36 p.m., 2 views

CVE-2025-62415 bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (HTML)

Bagisto is an open source Laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted HTML file containing embedded JavaScript. When viewed, the malicious code executes in the context of the...

6.9 CVSS, 6.5 AI score, 0.00036 EPSS
Exploits: 1, References: 1

Positive Technologies
added 2024/06/19 12:0 a.m., 1 views

PT-2024-5043

Name of the Vulnerable Software and Affected Versions: TinyMCE versions prior to 5.11.0 LTS; TinyMCE versions prior to 6.8.4; TinyMCE versions prior to 7.2.0. Description: A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditable regexp...

9.3 CVSS, 6.7 AI score, 0.50951 EPSS
Exploits: 6, References: 25

CNNVD
added 2023/11/15 12:0 a.m., 2 views

Tiny Technologies TinyMCE Security Vulnerability

Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies, USA. A security vulnerability exists in Tiny Technologies TinyMCE, which stems from a mutated cross-site scripting (mXSS) vulnerability in the undo/redo function and other APIs and plugins. Affected products and versions: TinyM...

6.1 CVSS, 6.2 AI score, 0.02076 EPSS
Exploits: 0, References: 4

CNNVD
added 2022/12/08 12:0 a.m., 2 views

Tiny Technologies TinyMCE Cross-Site Scripting Vulnerability

Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies, Inc. Tiny Technologies TinyMCE suffers from a cross-site scripting vulnerability that originates from cross-site scripting that can be achieved when an attacker serves malicious HTML content to its warning and confirmation...

6.1 CVSS, 5.9 AI score, 0.01849 EPSS
Exploits: 0, References: 9

Snyk
added 2022/05/24 5:37 p.m., 1 views

Cross-site Scripting (XSS)

Overview: UmbracoCms.Core is an ASP.NET CMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization. An authenticated user can inject arbitrary JavaScript code into IFrames when editing content using the TinyMCE rich-text editor, as...

5.4 CVSS, 5.2 AI score, 0.0042 EPSS
Exploits: 1, References: 2

Openbugbounty
added 2018/07/17 5:8 p.m., 6 views

jfv-weimar.de XSS vulnerability

Open Bug Bounty ID: OBB-648983 Description| Value ---|--- Affected Website:| jfv-weimar.de Open Bug Bounty Program:| View Open Bug Bounty Program Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

0.1 AI score
Exploits: 0

OSV
added 2014/04/25 2:15 p.m., 0 views

UBUNTU-CVE-2012-4230

The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors, as demonstrated using a textarea element...

4.3 CVSS, 7 AI score, 0.0058 EPSS
Exploits: 2, References: 7

Packet Storm
added 2012/01/08 12:0 a.m., 23 views

Mambo CMS 4.6.5 Denial Of Service / Disclosure

Larry W. Cashdollar 1/2/2012 http://vapid.dhs.org About Mambo: "Mambo is a full-featured content management system that can be used for everything from simple websites to complex corporate applications." http://mambo-code.org 1. Clear text password/crypt: Mambo stores mysql database password in...

7.4 AI score
Exploits: 0

0day.today
added 2011/03/07 12:0 a.m., 16 views

RuubikCMS < v1.0.3 Shell Upload Vulnerability

Exploit for php platform in category web applications Exploit Title : RuubikCMS v1.0.3 Shell Upload Vulnerability Google Dork : Powered by RuubikCMS Date : 2011-03-06 Author : Alexander Software Link : http://www.ruubikcms.com Version : v1.0.3 Test On : Linux/php CVE : Web Applications === Exploi...

7.1 AI score
Exploits: 0