5 matches found
CVE-2012-4230
The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the 1 encoding directive and 2 validelements attribute, which allows attackers to conduct cross-site scripting XSS attacks via application-specific vectors, as demonstrated using a textarea element...
Cross site scripting
The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the 1 encoding directive and 2 validelements attribute, which allows attackers to conduct cross-site scripting XSS attacks via application-specific vectors, as demonstrated using a textarea element...
CVE-2012-4230
The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the 1 encoding directive and 2 validelements attribute, which allows attackers to conduct cross-site scripting XSS attacks via application-specific vectors, as demonstrated using a textarea element...
CVE-2012-4230
Removed by vendor...
CVE-2012-4230
CVE-2012-4230 affects the TinyMCE 3.5.8 bbcode plugin, where the plugin does not properly enforce the security policy for two directives: (1) encoding and (2) valid_elements. This misconfiguration allows attackers to perform cross-site scripting (XSS) via application-specific vectors, demonstrate...