CVE-2023-45818 Cross-site Scripting vulnerability in TinyMCE undo/redo, getContent API, resetContent API, and Autosave plugin

TinyMCE is an open source rich text editor. A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before...

CVE-2023-45818 Cross-site Scripting vulnerability in TinyMCE undo/redo, getContent API, resetContent API, and Autosave plugin

TinyMCE is an open source rich text editor. A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before...

CVE-2023-45819 Cross-site Scripting vulnerability in TinyMCE notificationManager.open API

TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit requires carefully craft...

CVE-2023-45819

CVE-2023-45819 is a cross-site scripting vulnerability in TinyMCE’s Notification Manager API. An attacker could trigger arbitrary JavaScript execution by injecting unfiltered HTML into a notification text displayed in the TinyMCE UI for the current user, requiring crafted content and a notificati...

CVE-2023-45819 Cross-site Scripting vulnerability in TinyMCE notificationManager.open API

TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit requires carefully craft...

CVE-2023-45819 Cross-site Scripting vulnerability in TinyMCE notificationManager.open API

TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit requires carefully craft...

CVE-2023-45819

Removed by vendor...

TinyMCE XSS vulnerability in notificationManager.open API

Impact A cross-site scripting XSS vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit requires carefully crafted malicious content to have been...

@agentlab/ldkg-ui-basetable (=0.1.1), @agentlab/ldkg-ui-charts (>=0.1.2 <=0.1.7) +329 more potentially affected by CVE-2023-45819 via tinymce (>=4.5.1 <=5.10.7)

tinymce NPM version =4.5.1, =0.1.2, =0.3.7, =0.1.17, =1.0.0, =1.0.0, =1.33.0, =1.0.0-alpha.39-baliz, =4.3.0, =0.5.0, =0.1.0, =0.0.4, =0.1.2, =0.8.4, =0.8.5 and more Source cves: CVE-2023-45819 Source advisory: OSV:GHSA-HGQX-R2HP-JR38...

GHSA-HGQX-R2HP-JR38 TinyMCE XSS vulnerability in notificationManager.open API

Impact A cross-site scripting XSS vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit requires carefully crafted malicious content to have been...

@arkxio/ark-ui (>=0.1.0 <=0.1.18), @arkxio/ark-ui-src (=0.1.0) +34 more potentially affected by CVE-2023-45819 via tinymce (>=6.0.0 <=6.6.2)

tinymce NPM version =6.0.0, =0.1.0, =0.1.19, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.2 and more Source cves: CVE-2023-45819 Source advisory: OSV:GHSA-HGQX-R2HP-JR38...

@agentlab/ldkg-ui-basetable (=0.1.1), @agentlab/ldkg-ui-charts (>=0.1.2 <=0.1.7) +329 more potentially affected by CVE-2023-45818 via tinymce (>=4.5.1 <=5.10.7)

tinymce NPM version =4.5.1, =0.1.2, =0.3.7, =0.1.17, =1.0.0, =1.0.0, =1.33.0, =1.0.0-alpha.39-baliz, =4.3.0, =0.5.0, =0.1.0, =0.0.4, =0.1.2, =0.8.4, =0.8.5 and more Source cves: CVE-2023-45818 Source advisory: OSV:GHSA-V65R-P3VV-JJFV...

GHSA-V65R-P3VV-JJFV TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin

Impact A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before being stored in the undo stack. If t...

@arkxio/ark-ui (>=0.1.0 <=0.1.18), @arkxio/ark-ui-src (=0.1.0) +34 more potentially affected by CVE-2023-45818 via tinymce (>=6.0.0 <=6.6.2)

tinymce NPM version =6.0.0, =0.1.0, =0.1.19, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.2 and more Source cves: CVE-2023-45818 Source advisory: OSV:GHSA-V65R-P3VV-JJFV...

TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin

Impact A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before being stored in the undo stack. If t...

TinyMCE Cross-Site Scripting Vulnerability

Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies, Inc. A security vulnerability exists in TinyMCE, which stems from a mutant cross-site scripting mXSS vulnerability discovered in TinyMCE's core undo and redo functionality...

Tiny Technologies TinyMCE Cross-Site Scripting Vulnerability

Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies. A security vulnerability exists in TinyMCE, which stems from a cross-site scripting XSS vulnerability discovered in TinyMCE's Notification Manager API...

PT-2023-29708 · Tinymce · Tinymce

Name of the Vulnerable Software and Affected Versions: TinyMCE versions prior to 5.10.8 TinyMCE versions prior to 6.7.1 Description: A cross-site scripting XSS vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system,...

Kv TinyMCE Editor Add Fonts <= 1.1 - Font List Update via CSRF

Description The plugin does not have CSRF check when updating its font list, which could allow attackers to make logged in admins perform such action via a CSRF attack...

CVE-2023-44470

Cross-Site Request Forgery CSRF vulnerability in Kvvaradha Kv TinyMCE Editor Add Fonts plugin = 1.1 versions...