Tinymce Security Vulnerabilities and Issues — Tinymce CVE List

Lucene search

TinyTinymce

5 matches found

CVE•added 2024/03/26 2:15 p.m.•99 views

CVE-2024-29881

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an object or embed element and that image could potentially contain a XSS payload. This vulnerability is ...

6.1CVSS4.2AI score0.02514EPSS

CVE•added 2024/03/26 2:15 p.m.•60 views

CVE-2024-29203

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code. This allowed iframe elements containing malicious code to execute when inserted into the editor. These iframe elements are restricted in their permissions by sa...

6.1CVSS4.3AI score0.01571EPSS

CVE•added 2024/01/03 4:15 p.m.•58 views

CVE-2024-21910

TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.

6.1CVSS6.1AI score0.01211EPSS

CVE•added 2024/01/03 4:15 p.m.•54 views

CVE-2024-21908

TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.

6.1CVSS5.9AI score0.00365EPSS

CVE•added 2024/01/03 4:15 p.m.•54 views

CVE-2024-21911

TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.

6.1CVSS5.9AI score0.00824EPSS