Latest Tiny Vulnerabilities

Special characters in unescaped text nodes can trigger mXSS in TinyMCE
and 2 more
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notificatio...
Tiny Tinymce<5.10.8
Tiny Tinymce>=6.0.0<6.7.1
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet pas...
Tiny Tinymce<5.10.8
Tiny Tinymce>=6.0.0<6.7.1
Cross Site Scripting vulnerability in TinyMCE v.4.9.6 and before and v.5.0.0 thru v.5.1.4 allows an attacker to execute arbitrary code via the editor function.
Tiny Tinymce<=4.9.6
Tiny Tinymce>=5.0.0<=5.1.4
tinymce is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. Thi...
Tiny Tinymce<5.10.7
Tiny Tinymce>=6.0.0<6.3.1
This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.
Tiny Plupload<2.3.9
Cross-site scripting vulnerability in TinyMCE plugins
Tiny Tinymce<5.10.0
and 1 more
Cross-site scripting vulnerability in TinyMCE
Tiny Tinymce<5.9.0
Cross-site scripting vulnerability in TinyMCE
Tiny Tinymce<5.6.0
A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode.
Tiny Tinymce<4.9.11
Tiny Tinymce>=5.0.0<5.4.1
TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.
Tiny Tinymce<4.9.7
Tiny Tinymce>=5.0.0<5.1.4
TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php.
Tiny Tinybrowser<1.5.13
Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution.
Tiny Tinybrowser<1.5.13
tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector...
Tiny Tinymce<4.9.10
Tiny Tinymce>=5.0.0<5.2.2
Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager (for .NET) plugin bef...
Jenzabar Internet Campus Solution=9
Tiny Moxiemanager<2.1.4


SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203