Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Prion
Prionadded 2023/10/19 10:15 p.m.11 views

Cross site scripting

TinyMCE is an open source rich text editor. A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before...

5.8CVSS5.7AI score0.01282EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVEadded 2023/10/19 9:18 p.m.44 views

CVE-2023-45818

Removed by vendor...

6.1CVSS6.2AI score0.01282EPSS
Exploits0
Github Security Blog
Github Security Blogadded 2023/10/19 4:36 p.m.33 views

TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin

Impact A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before being stored in the undo stack. If t...

6.1CVSS6AI score0.01282EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blogadded 2022/12/08 11:30 p.m.26 views

Cross-site scripting vulnerability in TinyMCE alerts

Impact A cross-site scripting XSS vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which presents these dialogs when certain...

6.1CVSS0.1AI score0.01514EPSS
Exploits0References8Affected Software2
Tenable Nessus
Tenable Nessusadded 2020/11/19 12:0 a.m.16 views

TinyMCE 5.x < 5.1.4 Cross-Site Scripting

According to its self-reported version number, TinyMCE is prior to 4.9.7 or 5.x prior to 5.1.4. Therefore, it may be affected by a cross-site scripting vulnerability in the core parser, paste and visualchars plugins. Note that the scanner has not tested for these issues but has instead relied onl...

6.1CVSS6.3AI score0.00553EPSS
Exploits1References2
Tenable Nessus
Tenable Nessusadded 2020/11/19 12:0 a.m.100 views

TinyMCE 5.x < 5.4.1 Cross-Site Scripting

According to its self-reported version number, TinyMCE is prior to 4.9.11 or 5.x prior to 5.4.1. Therefore, it may be affected by a cross-site scripting vulnerability in the editor via the clipboard or APIs. Note that the scanner has not tested for these issues but has instead relied only on the...

6.1CVSS6.5AI score0.00283EPSS
Exploits0References3
Tenable Nessus
Tenable Nessusadded 2020/11/19 12:0 a.m.8 views

TinyMCE 5.x < 5.2.2 Cross-Site Scripting

According to its self-reported version number, TinyMCE is prior to 4.9.10 or 5.x prior to 5.2.2. Therefore, it may be affected by a cross-site scripting vulnerability in the core parser and media plugin. Note that the scanner has not tested for these issues but has instead relied only on the...

6.1CVSS6.5AI score0.01275EPSS
Exploits1References2
Rows per page
Query Builder