Lucene search
Veracode Vulnerability DatabaseVERACODE:38393HistoryDec 09, 2022 - 7:26 a.m.
Cross-site Scripting (XSS)
2022-12-0907:26:35
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
tinymce
xss
vulnerability
dialog.ts
injection
javascript
0.002 Low
EPSS
Percentile
54.9%
tinymce is vulnerable to cross-site scripting. The vulnerability exists in pBodyMessage function of Dialog.ts due to lack of sanitization in alert and confirm messages which allows an attacker to inject and execute malicious JavaScript.
References
github.com/tinymce/tinymce/commit/6923d85eba6de3e08ebc9c5a387b5abdaa21150e
github.com/tinymce/tinymce/commit/8bb2d2646d4e1a718fce61a775fa22e9d317b32d
github.com/tinymce/tinymce/security/advisories/GHSA-gg8r-xjwq-4w92
www.tiny.cloud/docs/release-notes/release-notes5107/#securityfixes
www.tiny.cloud/docs/tinymce/6/6.3-release-notes/#security-fixes
www.tiny.cloud/docs/tinymce/6/file-image-upload/#images_upload_handler
Related
ubuntucve
ubuntucve
CVE-2022-23494
2022-12-08 00:00:00
debiancve
debiancve
CVE-2022-23494
2022-12-08 22:15:10
prion
prion
Cross site scripting
2022-12-08 22:15:00
osv
osv
Cross-site scripting vulnerability in TinyMCE alerts
2022-12-08 23:30:01
CVE-2022-23494
2022-12-08 22:15:10
nvd
nvd
CVE-2022-23494
2022-12-08 22:15:10
cve
cve
CVE-2022-23494
2022-12-08 22:15:10
ibm
ibm
Security Bulletin: There is a security vulnerability in TinyMCE used by IBM Maximo for Civil Infrastructure in Maximo Application Suite (CVE-2022-23494)
2023-03-28 13:29:12
cvelist
cvelist
CVE-2022-23494 Cross-site scripting vulnerability in TinyMCE alerts
2022-12-08 21:29:26
github
github
Cross-site scripting vulnerability in TinyMCE alerts
2022-12-08 23:30:01
openvas
openvas
Moodle 4.1 < 4.1.2 Multiple Vulnerabilities
2023-03-24 00:00:00