Vulnerabilities > Tinymce > Tinymce > 3.5.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-04-25 | CVE-2012-4230 | Permissions, Privileges, and Access Controls vulnerability in Tinymce 3.5.8 The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors, as demonstrated using a textarea element. | 4.3 |