Latest Tiny Vulnerabilities

Special characters in unescaped text nodes can trigger mXSS in TinyMCE
nuget/TinyMCE>=6.0.0<6.7.3
nuget/TinyMCE<5.10.9
composer/tinymce/tinymce>=6.0.0<6.7.3
composer/tinymce/tinymce<5.10.9
npm/tinymce>=6.0.0<6.7.3
npm/tinymce<5.10.9
and 2 more
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notificatio...
Tiny Tinymce<5.10.8
Tiny Tinymce>=6.0.0<6.7.1
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet pas...
Tiny Tinymce<5.10.8
Tiny Tinymce>=6.0.0<6.7.1
A cross-site scripting vulnerability in TinyMCE v4.9.6 and earlier and v5.0.0 through v5.1.4 allows an attacker to execute arbitrary code via the editor function.
Tiny Tinymce<=4.9.6
Tiny Tinymce>=5.0.0<=5.1.4
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. Thi...
Tiny Tinymce<5.10.7
Tiny Tinymce>=6.0.0<6.3.1
This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user into uploading this kind of file.
Tiny Plupload<2.3.9
Cross-site scripting vulnerability in TinyMCE plugins
pip/django-tinymce<3.4.0
nuget/TinyMCE<5.10.0
composer/tinymce/tinymce<5.10.0
npm/tinymce<5.10.0
Tiny Tinymce<5.10.0
and 1 more
Cross-site scripting vulnerability in TinyMCE
composer/tinymce/tinymce<5.9.0
nuget/TinyMCE<5.9.0
npm/tinymce<5.9.0
Tiny Tinymce<5.9.0
<5.9.0
Cross-site scripting vulnerability in TinyMCE
composer/tinymce/tinymce<5.6.0
nuget/TinyMCE<5.6.0
npm/tinymce<5.6.0
Tiny Tinymce<5.6.0
<5.6.0
A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode.
Tiny Tinymce<4.9.11
Tiny Tinymce>=5.0.0<5.4.1
TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.
Tiny Tinymce<4.9.7
Tiny Tinymce>=5.0.0<5.1.4
TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php.
Tiny Tinybrowser<1.5.13
Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution.
Tiny Tinybrowser<1.5.13
TinyMCE 4.7.11 and 4.7.12 are affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector...
Tiny Tinymce<4.9.10
Tiny Tinymce>=5.0.0<5.2.2
Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager (for .NET) plugin bef...
Jenzabar Internet Campus Solution=9
Tiny Moxiemanager<2.1.4

© 2024 SecAlerts Pty Ltd.