Vulnerabilities > Tiny

DATE CVE VULNERABILITY TITLE RISK
2024-01-03 CVE-2024-21908 Cross-site Scripting vulnerability in Tiny Tinymce
TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability.
network
low complexity
tiny CWE-79
6.1
2024-01-03 CVE-2024-21910 Cross-site Scripting vulnerability in Tiny Tinymce
TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability.
network
low complexity
tiny CWE-79
6.1
2024-01-03 CVE-2024-21911 Cross-site Scripting vulnerability in Tiny Tinymce
TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability.
network
low complexity
tiny CWE-79
6.1
2023-11-15 CVE-2023-48219 Cross-site Scripting vulnerability in Tiny Tinymce
TinyMCE is an open source rich text editor.
network
low complexity
tiny CWE-79
6.1
2023-10-19 CVE-2023-45818 Cross-site Scripting vulnerability in Tiny Tinymce
TinyMCE is an open source rich text editor.
network
low complexity
tiny CWE-79
6.1
2023-10-19 CVE-2023-45819 Cross-site Scripting vulnerability in Tiny Tinymce
TinyMCE is an open source rich text editor.
network
low complexity
tiny CWE-79
6.1
2022-12-08 CVE-2022-23494 Cross-site Scripting vulnerability in Tiny Tinymce
tinymce is an open source rich text editor.
network
low complexity
tiny CWE-79
6.1
2021-12-03 CVE-2021-23562 Unrestricted Upload of File with Dangerous Type vulnerability in Tiny Plupload
This affects the package plupload before 2.3.9.
network
tiny CWE-434
6.8
2020-08-14 CVE-2020-12648 Cross-site Scripting vulnerability in Tiny Tinymce
A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode.
network
tiny CWE-79
4.3
2020-08-10 CVE-2020-17480 Cross-site Scripting vulnerability in Tiny Tinymce
TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.
network
tiny CWE-79
4.3