24 matches found
EUVD-2011-5047
Malware in sbrugna...
EUVD-2012-4174
Malware in sbrugna...
EUVD-2010-5240
Malware in sbrugna...
EUVD-2006-4536
Malware in sbrugna...
EUVD-2023-34413
Malicious code in bioql PyPI...
EUVD-2024-49306
Malicious code in bioql PyPI...
EUVD-2022-3849
Malicious code in bioql PyPI...
CVE-2024-8627
The Ultimate TinyMCE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'field' shortcode in all versions up to, and including, 5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2023-2967
The TinyMCE Custom Styles WordPress plugin before 1.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
WordPress Plugin TinyMCE and TinyMCE Advanced Professional Formats and Styles Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
CVE-2023-2967 TinyMCE Custom Styles < 1.1.4 - Admin+ Stored Cross-Site Scripting
The TinyMCE Custom Styles WordPress plugin before 1.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2022-1217
The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does not sanitise and escape the PHP_SELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting...
RATELIMITED: Exposure of tinyMCE js source code with plugin version disclosure which can lead to exploit further attacks.
Hello Security Team. Summary: When looking for links and trying for content discovery I found a link on domain support.theendlessweb.com https://support.theendlessweb.com/swift/apps/base/javascript/global/thirdparty/TinyMCE/tinymce.min.js It contains the tinyMCE plugin and the version they are...
MCFileManager Plugin for TinyMCE 3.2.2.3 - Arbitrary File Upload Vulnerability
No description provided by source. File Upload Vulnerability Plugins tinymce. http://tinymce.moxiecode.com/pluginsfilemanager.php Major version 3 Minor version 2.2.3 Author : Vladimir Vorontsov Contact :...
Unauthenticated enumeration of resource information via tinymce plugin
It is possible for unauthenticated users to retrieve a large amount of information from a Confluence instance, including page titles, attachment filenames, and username, by making calls to the link REST API in the confluence-tinymce-plugin. This is effective even when the anonymous user does not...
WordPress 3.5.1 - TinyMCE Plugin Flash Applet Unspecified Spoofing Weakness
...
CVE-2010-5281
Directory traversal vulnerability in ibrowser.php in the CMScout 2.09 IBrowser TinyMCE Plugin 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. NOTE: some of these details are obtained from third party information...
Directory traversal
Directory traversal vulnerability in ibrowser.php in the CMScout 2.09 IBrowser TinyMCE Plugin 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. NOTE: some of these details are obtained from third party information...
CVE-2010-5281
CMScout 2.09 IBrowser TinyMCE Plugin 1.4.1 is affected by a directory traversal in ibrowser.php. When magic_quotes_gpc is disabled, an attacker can read arbitrary files by injecting a .. into the lang parameter. This is a true vulnerability with CVE-2010-5281 documented by NVD (base score 6.8, ve...
CVE-2010-5281
Directory traversal vulnerability in ibrowser.php in the CMScout 2.09 IBrowser TinyMCE Plugin 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. NOTE: some of these details are obtained from third party information...