tinymce
npm | 14 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting tinymce (page 1 of 1)
- CVE-2019-1010091 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 5.2.2 | 2019-07-17
tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious co…
- CVE-2020-12648 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 5.4.1 | 2020-08-14
A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode.
- CVE-2020-17480 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 5.1.4 | 2020-08-10
TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.
- CVE-2022-23494 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 5.10.7 | 2022-12-08
tinymce is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the ale…
- CVE-2023-45818 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 5.10.8 | 2023-10-19
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is…
- CVE-2023-45819 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 5.10.8 | 2023-10-19
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error hand…
- CVE-2023-48219 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 6.7.3 | 2023-11-15
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon…
- CVE-2024-21908 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 5.9.0 | 2024-01-03
TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's brows…
- CVE-2024-21910 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 5.10.0 | 2024-01-03
TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing …
- CVE-2024-21911 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 5.6.0 | 2024-01-03
TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's brows…
- CVE-2024-29203 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 6.8.1 | 2024-03-26
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code. This allowed `iframe` elements containing malicious code to execute when inserted into the edito…
- CVE-2024-29881 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 7.0.0 | 2024-03-26
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. An SVG image could be loaded through an `object` or `embed` element and that im…
- CVE-2024-38356 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 7.2.0 | 2024-06-19
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content extraction code. When using the `noneditable_regexp` option, specially crafted HTML attributes containing maliciou…
- CVE-2024-38357 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 7.2.0 | 2024-06-19
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that …