915 matches found
CVE-2020-12648
A cross-site scripting XSS vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode...
Cross site scripting
A cross-site scripting XSS vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode...
UBUNTU-CVE-2020-12648
A cross-site scripting XSS vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode...
CVE-2020-12648
A cross-site scripting XSS vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode...
CVE-2020-12648
Removed by vendor...
CVE-2020-12648
CVE-2020-12648 describes an XSS vulnerability in TinyMCE 5.2.1 and earlier, exploitable when configured in classic editing mode. The provided connected documents corroborate that TinyMCE’s classic editor mode allows remote attackers to inject arbitrary web scripts, but do not provide details on a...
High-Severity TinyMCE Cross-Site Scripting Flaw Fixed
A high-severity flaw has been disclosed in TinyMCE, an open-source text editor used in the content management systems CMS of websites. The recently patched flaw could have been potentially exploited remotely by attackers to gain administrative privileges to websites. TinyMCE, developed by Tiny...
@angular-materials/ngx-admin (>=1.0.0 <=1.0.1), @ec.components/tinymce (>=0.5.7 <=0.6.0) +34 more potentially affected by CVE-2020-12648 via tinymce (>=4.5.1 <=4.8.5)
tinymce NPM version =4.5.1, =1.0.0, =0.5.7, =0.1.1, =0.0.13, =1.3.0, =8.0.0, =0.8.8, =0.6.3, =1.2.0, =1.0.0-alpha.0, =1.1.0, =2.4.1, =4.0.0 and more Source cves: CVE-2020-12648 Source advisory: OSV:GHSA-VRV8-V4W8-F95H...
3h1-ui (>=2.14.41 <=3.0.0-next.258), @abt-desk/apm (>=0.0.1 <=0.33.12) +956 more potentially affected by CVE-2020-12648 via tinymce (>=5.0.11 <=5.3.2)
tinymce NPM version =5.0.11, =2.14.41, =0.0.1, =0.1.0, =0.1.2, =0.3.7, =0.1.17, =0.1.0, =0.0.1, =0.2.0-0, =1.0.18-beta.8, =1.0.0, =1.2.3-beta.1, =0.1.1, =1.0.0, =8.7.0 and more Source cves: CVE-2020-12648 Source advisory: OSV:GHSA-VRV8-V4W8-F95H...
GHSA-VRV8-V4W8-F95H Cross-site scripting vulnerability in TinyMCE
Impact A cross-site scripting XSS vulnerability was discovered in the core parser. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs. This impacts all users who are using TinyMCE 4.9.10 or lower a...
Cross-site scripting vulnerability in TinyMCE
Impact A cross-site scripting XSS vulnerability was discovered in the core parser. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs. This impacts all users who are using TinyMCE 4.9.10 or lower a...
CVE-2020-17480
TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor...
CVE-2020-17480
TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor...
UBUNTU-CVE-2020-17480
TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor...
Cross site scripting
TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor...
CVE-2020-17480
TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor...
CVE-2020-17480
Removed by vendor...
CVE-2020-17480
TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor...
CVE-2020-17480
The CVE-2020-17480 issue affects TinyMCE prior to 4.9.7 and 5.x prior to 5.1.4, where cross-site scripting can be triggered by inserting content via clipboard or editor APIs in the core parser, paste plugin, and visualchars plugin. The vulnerability arises from improper input validation and can b...
TinyMCE XSS vulnerability on version 4.7.11
h4. Description It seems that Confluence bundles a version of TinyMCE within the editor that has an XSS vulnerability. Confluence version 7.4.1 uses version 0.4.34 of the confluence-editor plugin that includes 4.7.11 of TinyMCE as a dependency Confluence version 7.6.2 uses version 0.4.41 of the...