Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

tinymce — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting tinymce. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TinyMCE serves as a widely adopted WYSIWYG editor integrated into content management systems and web applications to enable rich text editing capabilities. Historically, it has been susceptible to cross-site scripting (XSS) vulnerabilities, remote code execution (RCE), and privilege escalation flaws, often stemming from improper input validation and sanitization. The project maintains a moderate security posture with nine CVEs recorded, though no major incidents have been widely documented. Regular updates and careful implementation are recommended to mitigate risks, as its extensive deployment makes it a potential target for exploitation in web environments.

Found 9 results / 9Clear Filters
Top products by tinymce: tinymce
CVE IDTitleCVSSSeverityPublished
CVE-2024-38357 TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements — tinymceCWE-79 6.1 Medium2024-06-19
CVE-2024-38356 TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option — tinymceCWE-79 6.1 Medium2024-06-19
CVE-2024-29881 TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements — tinymceCWE-79 4.3 Medium2024-03-26
CVE-2024-29203 TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes — tinymceCWE-79 4.3 Medium2024-03-26
CVE-2023-48219 Special characters in unescaped text nodes can trigger mXSS in TinyMCE — tinymceCWE-79 6.1 Medium2023-11-15
CVE-2023-45818 Cross-site Scripting vulnerability in TinyMCE undo/redo, getContent API, resetContent API, and Autosave plugin — tinymceCWE-79 6.1 Medium2023-10-19
CVE-2023-45819 Cross-site Scripting vulnerability in TinyMCE notificationManager.open API — tinymceCWE-79 6.1 Medium2023-10-19
CVE-2022-23494 Cross-site scripting vulnerability in TinyMCE alerts — tinymceCWE-79 5.4 Medium2022-12-08
CVE-2019-1010091 tinymce 跨站脚本漏洞 — tinymceCWE-79 6.1 -2019-07-17

This page lists every published CVE security advisory associated with tinymce. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.