CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1217 – Custom TinyMCE Shortcode Button <= 1.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1217
19 Apr 2022 — The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does not sanitise and escape the PHP_SELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting. El plugin Custom TinyMCE Shortcode Button de WordPress versiones hasta 1.1, no sanea ni escapa de la variable PHP_SELF antes de devolverla a un atributo en una página de administración, conllevando a un ataque de tipo Cross-Site Scripting Reflejado • https://wpscan.com/vulnerability/15875f52-7a49-44c7-8a36-b49ddf37c20c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2012-4230
https://notcve.org/view.php?id=CVE-2012-4230
25 Apr 2014 — The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors, as demonstrated using a textarea element. El plugin bbcode en TinyMCE 3.5.8 no refuerza debidamente TinyMCE Security Policy para el (1) directivo de codificación y (2) atributo valid_elements, lo que permite a atacantes remotos realizar ataques de XSS a t... • http://osvdb.org/91130 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 83%CPEs: 41EXPL: 8CVE-2011-4825 – aidiCMS 3.55 - 'ajax_create_folder.php' Remote Code Execution
https://notcve.org/view.php?id=CVE-2011-4825
15 Dec 2011 — Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters. Vulnerabilidad de inyección de código estático en inc/function.base.php de Ajax File y Image Manager en versiones anteriores a 1.1, tal como se usa en tinymce en versiones anteriores a 1.4.2, phpMyFAQ 2.6 a... • https://www.exploit-db.com/exploits/18085 • CWE-94: Improper Control of Generation of Code ('Code Injection') •