Search for packages
| purl | pkg:npm/tinymce@4.6.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-9brg-dm6s-2ba7
Aliases: CVE-2024-21911 GHSA-w7jx-j77m-wp65 GMS-2021-193 GMS-2021-508 GMS-2021-616 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in tinymce. |
Affected by 0 other vulnerabilities. |
|
VCID-cz6w-pdan-rfa4
Aliases: GHSA-vrv8-v4w8-f95h GMS-2020-789 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in tinymce. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-e8m3-ecws-efeg
Aliases: CVE-2019-1010091 GHSA-c78w-2gw7-gjv3 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') tinymce The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab. |
Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-qngh-qsty-nkhh
Aliases: CVE-2020-12648 |
Cross-site Scripting A cross-site scripting (XSS) vulnerability in TinyMCE allows remote attackers to inject arbitrary web script when configured in classic editing mode. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-r9zu-cdb9-8ubc
Aliases: GHSA-h96f-fc7c-9r55 GMS-2021-191 |
Regex denial of service vulnerability in codesample plugin A regex denial of service (ReDoS) vulnerability was discovered in a dependency of the `codesample` plugin. |
Affected by 0 other vulnerabilities. |
|
VCID-yxpz-j48p-dydc
Aliases: CVE-2020-17480 GHSA-27gm-ghr9-4v95 |
Cross-site Scripting TinyMCE allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor. |
Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||