← Back

Tinymce

tinymce

Vendor: Tinymce • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2012-4230
1Tinymce
1Tinymce
May 6, 2026
Apr 25, 2014
N/A· v4
N/A· v3
4.3 MEDIUM· v2
The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting (XSS) attac...Show more
The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors, as demonstrated using a textarea element.Show less
CVE-2011-4825
3Phpletter
PhpmyfaqTinymce
3Ajax File And Image Manager
PhpmyfaqTinymce
Apr 29, 2026
Dec 15, 2011
N/A· v4
N/A· v3
7.5 HIGH· v2
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allow...Show more
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.Show less