Search for packages
| purl | pkg:composer/tinymce/tinymce@4.3.7 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-9brg-dm6s-2ba7
Aliases: CVE-2024-21911 GHSA-w7jx-j77m-wp65 GMS-2021-193 GMS-2021-508 GMS-2021-616 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in tinymce. |
Affected by 0 other vulnerabilities. |
|
VCID-qngh-qsty-nkhh
Aliases: CVE-2020-12648 |
Cross-site Scripting A cross-site scripting (XSS) vulnerability in TinyMCE allows remote attackers to inject arbitrary web script when configured in classic editing mode. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-yxpz-j48p-dydc
Aliases: CVE-2020-17480 GHSA-27gm-ghr9-4v95 |
Cross-site Scripting TinyMCE allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T20:43:05.301198+00:00 | GitLab Importer | Affected by | VCID-9brg-dm6s-2ba7 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/tinymce/tinymce/GMS-2021-508.yml | 38.6.0 |
| 2026-06-04T20:34:08.125032+00:00 | GitLab Importer | Affected by | VCID-qngh-qsty-nkhh | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/tinymce/tinymce/CVE-2020-12648.yml | 38.6.0 |
| 2026-06-04T20:34:01.548883+00:00 | GitLab Importer | Affected by | VCID-yxpz-j48p-dydc | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/tinymce/tinymce/CVE-2020-17480.yml | 38.6.0 |