4 matches found
Cross-site scripting vulnerability in TinyMCE alerts
Impact A cross-site scripting XSS vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which presents these dialogs when certain...
TinyMCE 5.x < 5.1.4 Cross-Site Scripting
According to its self-reported version number, TinyMCE is prior to 4.9.7 or 5.x prior to 5.1.4. Therefore, it may be affected by a cross-site scripting vulnerability in the core parser, paste and visualchars plugins. Note that the scanner has not tested for these issues but has instead relied onl...
TinyMCE 5.x < 5.4.1 Cross-Site Scripting
According to its self-reported version number, TinyMCE is prior to 4.9.11 or 5.x prior to 5.4.1. Therefore, it may be affected by a cross-site scripting vulnerability in the editor via the clipboard or APIs. Note that the scanner has not tested for these issues but has instead relied only on the...
TinyMCE 5.x < 5.2.2 Cross-Site Scripting
According to its self-reported version number, TinyMCE is prior to 4.9.10 or 5.x prior to 5.2.2. Therefore, it may be affected by a cross-site scripting vulnerability in the core parser and media plugin. Note that the scanner has not tested for these issues but has instead relied only on the...