Tinymce Security Vulnerabilities and Issues — Tinymce CVE List

Lucene search

TinyTinymce

10 matches found

CVE•added 2022/12/08 10:15 p.m.•98 views

CVE-2022-23494

tinymce is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which pr...

6.1CVSS5.7AI score0.0231EPSS

CVE•added 2020/08/10 8:15 p.m.•80 views

CVE-2020-17480

TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.

6.1CVSS5.7AI score0.00881EPSS

CVE•added 2023/11/15 7:15 p.m.•78 views

CVE-2023-48219

TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text no...

6.1CVSS5.8AI score0.02622EPSS

CVE•added 2020/08/14 2:15 p.m.•67 views

CVE-2020-12648

A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode.

6.1CVSS5.8AI score0.00056EPSS

CVE•added 2024/01/03 4:15 p.m.•57 views

CVE-2024-21910

TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.

6.1CVSS6.1AI score0.01211EPSS

CVE•added 2023/10/19 10:15 p.m.•55 views

CVE-2023-45818

TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before...

6.1CVSS5.8AI score0.01282EPSS

CVE•added 2024/01/03 4:15 p.m.•53 views

CVE-2024-21911

TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.

6.1CVSS5.9AI score0.00824EPSS

CVE•added 2024/01/03 4:15 p.m.•50 views

CVE-2024-21908

TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.

6.1CVSS5.9AI score0.00365EPSS

CVE•added 2019/07/17 5:15 p.m.•49 views

CVE-2019-1010091

tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab.

6.1CVSS6.3AI score0.01062EPSS

CVE•added 2023/10/19 10:15 p.m.•47 views

CVE-2023-45819

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit requires carefully craft...

6.1CVSS6AI score0.0284EPSS