14 matches found

Veracode
added 2026/06/04 9:20 a.m., 7 views

Stored Cross-Site Scripting (XSS)

TinyMCE is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of crafted data-mce- attributes in the media plugin, which allows an attacker to inject malicious scripts into stored content that are executed when the content is rendered...

8.7 CVSS, 5.8 AI score, 0.00223 EPSS
Exploits: 0, References: 4, Affected Software: 2
ATTACKERKB
added 2026/05/28 3:21 p.m., 14 views

CVE-2026-47762

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and inject scripts that execute when content is restored. Impacts users who utilize the protect option. Thi...

8.7 CVSS, 5.9 AI score, 0.00238 EPSS
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2026/05/28 3:20 p.m., 31 views

CVE-2026-47759 TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce- attributes (data-mce-href, data-mce-src, data-mce-style). Allows attackers to inject malicious values that override safe attributes during serialization,...

8.7 CVSS, 0.00238 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2026/05/28 12:00 a.m., 10 views

PT-2026-44391

Name of the Vulnerable Software and Affected Versions: TinyMCE versions prior to 5.11.1; TinyMCE versions prior to 7.9.3; TinyMCE versions prior to 8.5.1. Description: A stored Cross-Site Scripting (XSS) issue exists via forged mce:protected comments. This allows attackers to bypass sanitization and...

8.7 CVSS, 5.9 AI score, 0.00238 EPSS
Exploits: 0, References: 13
RedhatCVE
added 2025/12/10 3:13 p.m., 4 views

CVE-2025-62871

Cross-Site Request Forgery (CSRF) vulnerability in Alex Prokopenko / JustCoded Just TinyMCE Custom Styles just-tinymce-styles allows Cross Site Request Forgery. This issue affects Just TinyMCE Custom Styles: from n/a through = 1.2.1...

4.3 CVSS, 6.9 AI score, 0.00107 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/10/16 6:36 p.m., 4 views

CVE-2025-62415 bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (HTML)

Bagisto is an open source Laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted HTML file containing embedded JavaScript. When viewed, the malicious code executes in the context of the...

6.9 CVSS, 6.5 AI score, 0.00255 EPSS
Exploits: 1, References: 1
Positive Technologies
added 2024/06/19 12:00 a.m., 3 views

PT-2024-5043

Name of the Vulnerable Software and Affected Versions: TinyMCE versions prior to 5.11.0 LTS; TinyMCE versions prior to 6.8.4; TinyMCE versions prior to 7.2.0. Description: A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditable regexp...

9.3 CVSS, 6.7 AI score, 0.5281 EPSS
Exploits: 6, References: 25
CNNVD
added 2023/11/15 12:00 a.m., 4 views

Tiny Technologies TinyMCE Security Vulnerability

Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies, USA. A security vulnerability exists in Tiny Technologies TinyMCE, which stems from a mutated cross-site scripting (mXSS) vulnerability in the undo/redo function and other APIs and plugins. Affected products and versions: TinyM...

6.1 CVSS, 6.2 AI score, 0.00715 EPSS
Exploits: 0, References: 4
CNNVD
added 2022/12/08 12:00 a.m., 3 views

Tiny Technologies TinyMCE Cross-Site Scripting Vulnerability

Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies, Inc. Tiny Technologies TinyMCE suffers from a cross-site scripting vulnerability that originates from cross-site scripting that can be achieved when an attacker serves malicious HTML content to its warning and confirmation...

6.1 CVSS, 5.9 AI score, 0.00939 EPSS
Exploits: 0, References: 9
Snyk
added 2022/05/24 5:37 p.m., 3 views

Cross-site Scripting (XSS)

Overview: UmbracoCms.Core is an ASP.NET CMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization. An authenticated user can inject arbitrary JavaScript code into IFrames when editing content using the TinyMCE rich-text editor, as...

5.4 CVSS, 5.2 AI score, 0.00677 EPSS
Exploits: 1, References: 2
Openbugbounty
added 2018/07/17 5:08 p.m., 7 views

jfv-weimar.de XSS vulnerability

Open Bug Bounty ID: OBB-648983

Description | Value
---|---
Affected Website: | jfv-weimar.de
Open Bug Bounty Program: | View Open Bug Bounty Program
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

0.1 AI score
Exploits: 0
OSV
added 2014/04/25 2:15 p.m., 2 views

UBUNTU-CVE-2012-4230

The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors, as demonstrated using a textarea element...

4.3 CVSS, 7 AI score, 0.01198 EPSS
Exploits: 2, References: 7
Packet Storm
added 2012/01/08 12:00 a.m., 24 views

Mambo CMS 4.6.5 Denial Of Service / Disclosure

Larry W. Cashdollar 1/2/2012 http://vapid.dhs.org About Mambo: "Mambo is a full-featured content management system that can be used for everything from simple websites to complex corporate applications." http://mambo-code.org 1. Clear text password/crypt: Mambo stores mysql database password in...

7.4 AI score
Exploits: 0
0day.today
added 2011/03/07 12:00 a.m., 19 views

RuubikCMS < v1.0.3 Shell Upload Vulnerability

Exploit for php platform in category web applications Exploit Title : RuubikCMS v1.0.3 Shell Upload Vulnerability Google Dork : Powered by RuubikCMS Date : 2011-03-06 Author : Alexander Software Link : http://www.ruubikcms.com Version : v1.0.3 Test On : Linux/php CVE : Web Applications === Exploi...

7.1 AI score
Exploits: 0