org.webjars.bower:tinymce@6.2.0 vulnerabilities
-
latest version
6.8.3
-
first published
9 years ago
-
latest version published
9 months ago
-
licenses detected
- [6.0.0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.webjars.bower:tinymce package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.webjars.bower:tinymce is a WebJar for tinymce. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when using the How to fix Cross-site Scripting (XSS)? A fix was pushed into the |
[0,)
|
org.webjars.bower:tinymce is a WebJar for tinymce. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when parsing How to fix Cross-site Scripting (XSS)? A fix was pushed into the |
[0,)
|
org.webjars.bower:tinymce is a WebJar for tinymce. Affected versions of this package are vulnerable to Cross-Site Scripting (XSS) via How to fix Cross-Site Scripting (XSS)? A fix was pushed into the |
[0,)
|
org.webjars.bower:tinymce is a WebJar for tinymce. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when loading SVG files via How to fix Cross-site Scripting (XSS)? A fix was pushed into the |
[0,)
|
org.webjars.bower:tinymce is a WebJar for tinymce. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via mutation of inner HTML. An attacker can inject malicious scripts that pass the initial sanitization layer when the content is parsed into the editor body, but can trigger XSS when the special internal marker is removed from the content and re-parsed. Text nodes in some parents are not sufficiently escaped upon serialization and can contain a special character reserved as an internal marker. How to fix Cross-site Scripting (XSS)? Upgrade |
[,5.10.9)
[6.0.0,6.7.3)
|
org.webjars.bower:tinymce is a WebJar for tinymce. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the core How to fix Cross-site Scripting (XSS)? Upgrade |
[,5.10.8)
[6.0.0,6.7.1)
|
org.webjars.bower:tinymce is a WebJar for tinymce. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the How to fix Cross-site Scripting (XSS)? Upgrade |
[,5.10.8)
[6.0.0,6.7.2)
|
org.webjars.bower:tinymce is a WebJar for tinymce. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the How to fix Cross-site Scripting (XSS)? Upgrade |
[,5.10.7)
[6.0.0,6.3.1)
|