Linux Distros Unpatched Vulnerability : CVE-2026-47762

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows...

Cross-site Scripting (XSS)

Overview tinymce/tinymce is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper handling of SVG namespace scope by the sanitizer. An attacker can execute arbitrary JavaScript by crafting a payload with neste...

TinyMCE 跨站脚本漏洞

TinyMCE is an open-source rich text editor developed by Tiny Technologies in the United States. Versions of TinyMCE prior to 5.11.1, 7.9.3, and 8.5.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from a storage-type XSS vulnerability in the media plugin. Attackers cou...

CVE-2022-23494

tinymce is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which...

EUVD-2021-0519

Malware in sbrugna...

EUVD-2020-0418

Malware in sbrugna...

EUVD-2014-8539

Malware in sbrugna...

EUVD-2024-0810

Malicious code in bioql PyPI...

EUVD-2023-2813

Malicious code in bioql PyPI...

EUVD-2023-2747

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-48219

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TinyMCE is an open source rich text editor. A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE's core undo/redo functionality and othe...

Linux Distros Unpatched Vulnerability : CVE-2017-14726

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. CVE-2017-14726 Note that Nessus...

Linux Distros Unpatched Vulnerability : CVE-2024-29881

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE's content loading and content inserting code. A S...

CVE-2024-29881

TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an object or embed element and that image could potentially contain a XSS payload. This vulnerability is...

CVE-2011-4906

Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution...

Security Bulletin: Due to use of TinyMCE 6.8.2 IBM My webMethods Server is vulnerable to cross-site scripting.

Summary TinyMCE is used by IBM My webMethods Server. CVE-2024-38357, CVE-2024-38356 Vulnerability Details CVEID:CVE-2024-38357 DESCRIPTION: TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the noscript elements. A remote attacker could exploit...

Moodle 4.1.x < 4.1.3 Arbitrary Folder Creation

According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.3. It is, therefore, affected by an Arbitrary Folder creation in TinyMCE. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported versi...

3h1-ui (>=3.0.0-liingyun.1 <=3.0.0-next.258), @abt-desk/apm (>=0.0.1 <=0.33.12) +1185 more potentially affected by CVE-2024-38356 via tinymce (>=4.5.1 <=5.10.9)

tinymce NPM version =4.5.1, =3.0.0-liingyun.1, =0.0.1, =0.1.0, =0.1.2, =0.3.7, =0.1.17, =0.1.0, =0.0.1, =1.0.0, =0.2.0-0, =1.0.18-beta.8, =1.0.0, =1.2.3-beta.1, =0.1.1, =0.1.11 and more Source cves: CVE-2024-38356 Source advisory: OSV:GHSA-9HCV-J9PV-QMPH...

@arkxio/ark-ui (>=0.1.0 <=0.1.18), @arkxio/ark-ui-src (=0.1.0) +38 more potentially affected by CVE-2024-38356 via tinymce (>=6.0.0 <=6.8.3)

tinymce NPM version =6.0.0, =0.1.0, =0.1.19, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.7 and more Source cves: CVE-2024-38356 Source advisory: OSV:GHSA-9HCV-J9PV-QMPH...

@ifanrx/dashboard (>=0.1.1 <=1.3.0-alpha-20240730001), @ithinkdt/editor (>=3.4.11 <=3.5.0) +1 more potentially affected by CVE-2024-38357 via tinymce (>=7.0.1 <=7.1.2)

tinymce NPM version =7.0.1, =0.1.1, =3.4.11, =3.0.7, =3.4.0-5 Source cves: CVE-2024-38357 Source advisory: OSV:GHSA-W9JX-4G6G-RP7X...