WS-2016-0082

Good to know:

Date: August 13, 2015

TinyMCE is vulnerable to Cross-Site Scripting (XSS) attacks due to improperly filtered script attributes.

Language: Java

Severity Score

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version

Upgrade to version roots/wordpress - 4.2.3;roots/wordpress - 4.0.1;roots/wordpress - 4.2.20;roots/wordpress - 4.3.1;roots/wordpress - 4.1.7;roots/wordpress - 4.2.10;roots/wordpress - 4.0.4;roots/wordpress - 4.0.26;roots/wordpress - 4.1.6;roots/wordpress - 4.2.2;roots/wordpress - 4.0.18;roots/wordpress - 4.1.10;roots/wordpress - 4.1.5;roots/wordpress - 4.0.16;roots/wordpress - 4.1.33;roots/wordpress - 4.0.2;roots/wordpress - 4.2.14;roots/wordpress - 4.0.22;roots/wordpress - 4.2.13;roots/wordpress - 4.2.15;roots/wordpress - 4.1.8;roots/wordpress - 4.0.21;roots/wordpress - 4.0.5;roots/wordpress - 4.0.17;roots/wordpress - 4.1.20;roots/wordpress - 4.2.24;roots/wordpress - 4.1.1;roots/wordpress - 4.1.18;roots/wordpress - 4.1.12;roots/wordpress - 4.0.3;roots/wordpress - 4.0.33;roots/wordpress - 4.2.19;roots/wordpress - 4.0.11;roots/wordpress - 4.1.9;roots/wordpress - 4.0.27;roots/wordpress - 4.1.23;roots/wordpress - 4.1.15;roots/wordpress - 4.1.22;roots/wordpress - 4.1.17;roots/wordpress - 4.1.13;roots/wordpress - 4.1.16;roots/wordpress - 4.1.21;roots/wordpress - 4.1.25;roots/wordpress - 4.0.13;roots/wordpress - 4.1.11;roots/wordpress - 4.0.8;roots/wordpress - 4.0.12;roots/wordpress - 4.0.20;roots/wordpress - 4.0.6;roots/wordpress - 4.1.24;roots/wordpress - 4.1.3;roots/wordpress - 4.1.14;roots/wordpress - 4.2.18;roots/wordpress - 4.2.23;roots/wordpress - 4.0.15;roots/wordpress - 4.1.4;roots/wordpress - 4.1.19;roots/wordpress - 4.0.7;roots/wordpress - 4.1.27;roots/wordpress - 4.0.23;roots/wordpress - 4.2.21;roots/wordpress - 4.0.9;roots/wordpress - 4.0.24;roots/wordpress - 4.2.5;roots/wordpress - 4.2.8;roots/wordpress - 4.2.12;roots/wordpress - 4.1.2;roots/wordpress - 4.2.16;roots/wordpress - 4.2.4;roots/wordpress - 4.0.10;roots/wordpress - 4.0.25;roots/wordpress - 4.2.1;roots/wordpress - 4.2.9;roots/wordpress - 4.2.17;roots/wordpress - 4.1.26;roots/wordpress - 4.2.30;roots/wordpress - 4.2.11;roots/wordpress - 4.2.6;roots/wordpress - 4.0.14;roots/wordpress - 
4.2.22;roots/wordpress - 4.2.7;roots/wordpress - 4.0.19;tacowordpress2/tacowordpress - no_fix;tacowordpress2/tacowordpress - v0.9;roots/wordpress-no-content - 4.0.35;roots/wordpress-no-content - 4.3.28;roots/wordpress-no-content - 4.1.35;roots/wordpress-no-content - 4.2.32;lundegaard/tinymce - no_fix;johnpbloch/wordpress-core - 3.9.1;johnpbloch/wordpress-core - 4.3.0;johnpbloch/wordpress-core - 4.1.33;johnpbloch/wordpress-core - 4.0.0;johnpbloch/wordpress-core - 4.0.33;johnpbloch/wordpress-core - 4.1.0;johnpbloch/wordpress-core - 4.2.1;johnpbloch/wordpress-core - 4.2.27;johnpbloch/wordpress-core - 4.2.0;johnpbloch/wordpress-core - 4.0.1;johnpbloch/wordpress-core - 4.1.1;johnpbloch/wordpress-core - 3.9.34;johnpbloch/wordpress-core - 4.1.30;johnpbloch/wordpress-core - 3.9.31;johnpbloch/wordpress-core - 4.2.30;johnpbloch/wordpress-core - 4.0.30;tacowordpress/tacowordpress - v0.9;tacowordpress/tacowordpress - v1.0;tacowordpress/tacowordpress - no_fix;kanopi/wordpress-core - 4.0.12;kanopi/wordpress-core - 4.1.23;kanopi/wordpress-core - 4.2.20;kanopi/wordpress-core - 4.1.18;kanopi/wordpress-core - 4.0.6;kanopi/wordpress-core - 4.3;kanopi/wordpress-core - 4.1.10;kanopi/wordpress-core - 4.2.12;kanopi/wordpress-core - 4.1.30;kanopi/wordpress-core - 4.0.20;kanopi/wordpress-core - 4.0.29;vocativ/wordpress - no_fix;vocativ/wordpress - 3.9.1;vocativ/wordpress - 4.1.1;vocativ/wordpress - 4.0.1;vocativ/wordpress - 1.5;vocativ/wordpress - 4.2.1;opencontent/ocopendata_forms-ls - no_fix;opencontent/ocopendata_forms-ls - 1.6.10;opencontent/ocopendata_forms-ls - 1.5.2;opencontent/ocopendata_forms-ls - 1.0beta;diamante/desk-application - 2.0.1;diamante/desk-application - 1.0.0;diamante/desk-application - no_fix;UmbracoCms - 7.3.0-beta;UmbracoCms - 7.6.0-RC;thorsten/phpmyfaq - 2.5.2;thorsten/phpmyfaq - 2.9.x-dev;gaomingcode/tinymce - 4.2.4;bootleg/cms - 1.0;poliondas/wordpress-br - no_fix;diamante/front-bundle - 1.0.0-rc1;diamante/front-bundle - no_fix;diamante/front-bundle - 
2.0.2;composer-wordpress/no-content - 4.0.35;composer-wordpress/no-content - 4.1.35;composer-wordpress/no-content - 4.2.32;roots/wordpress-full - 4.3.28;roots/wordpress-full - 4.0.35;roots/wordpress-full - 4.2.32;roots/wordpress-full - 4.1.35;pantheon-systems/wordpress-composer - 4.x-dev;pantheon-systems/wordpress-composer - 4.2.1;pantheon-systems/wordpress-composer - 4.3.1;pantheon-systems/wordpress-composer - 4.1.2;weicms/article - no_fix;ivoglent/yii2-media - no_fix;Grupa26.Starter - no_fix;ablypl/wordpress - v1.0.7;reginaldojunior/winners - v0.1.1-beta;runopencode/diem-extended - no_fix;claroline/front-end-bundle - 5.0.1;claroline/front-end-bundle - 1.0.0;composer-wordpress/new-bundled - 4.1.20;composer-wordpress/new-bundled - 4.1.11;composer-wordpress/new-bundled - 4.2.32;composer-wordpress/new-bundled - 4.0.19;composer-wordpress/new-bundled - 4.1.35;composer-wordpress/new-bundled - 4.0.35;phpmyfaq/phpmyfaq - 2.9.0-alpha;phpmyfaq/phpmyfaq - 2.5.2;phpmyfaq/phpmyfaq - 2.9.0;gdmedia/silverstripe-frontend-admin - no_fix;kinsta/kinsta-mu-plugins - 4.x-dev;kinsta/kinsta-mu-plugins - 4.3.1;labo/testmanu-bundle - no_fix;TinyMCE.jQuery - 4.2.4;leocolomb/wordpress - 4.3;leocolomb/wordpress - 4.1;leocolomb/wordpress - 4.2.28;leocolomb/wordpress - 4.2;zfmaster/tinymce4 - no_fix;zfmaster/tinymce4 - 4.0.0;inpsyde/wordpress-dev - 4.1.1;inpsyde/wordpress-dev - 4.2.1;inpsyde/wordpress-dev - 4.0.1;inpsyde/wordpress-dev - 3.9.1;ondrakub/wordpress-custom - no_fix;fesal/cms_base_voila - no_fix;ycms/framework - v5.1.0;composer-wordpress/full - 4.0.35;composer-wordpress/full - 4.2.32;composer-wordpress/full - 4.1.35;medreleaf/wordpress - 3.9.1;medreleaf/wordpress - 4.0.1;medreleaf/wordpress - 4.1.1;medreleaf/wordpress - 4.2.1;digitalmeat/themosis - 0.9.1;krafthaus/bauhaus - no_fix;wp-extended/wordpress - 4.0.1;wp-extended/wordpress - 4.2.1;wp-extended/wordpress - 3.9.1;wp-extended/wordpress - 4.1.1;ixa/wordpress-core - 4.4;voila_cms/crudbooster - no_fix;voila_cms/crudbooster - 
v2.0.1;voila_cms/crudbooster - dev-master;reliv/rcm-plugins - no_fix;themosis/themosis - 0.9.1;TinyMCE - 4.2.4;arx/arxmin - 5.0.1;humanit-se/wordpress-sv - v4.2;humanit-se/wordpress-sv - v4.3;mvpdesign/themosis - 0.9.1;tinymce - 4.2.4;huebs/tinymce - stable;huebs/tinymce - no_fix;imagecms/imagecms - v1.0.5;imagecms/imagecms - v4.10;rcm/plugins - no_fix;TheMVCForum - 1.7.0;mediaweb/silverstripe-tinymce4 - 1.1.x-dev;StreamFx.UIWeb - no_fix;fesal_voila/cms_base_voila - no_fix;PluginBlog - no_fix;dcwiklik/wordpress - no_fix;Umbraco.BuildServerAssets - no_fix;my-oos/my-oos - v2.0.55;zhangyingxi/zyxhome - no_fix;zynfly/themosis - 0.9.1;GAC.Client - no_fix;gladeye/themosis - 0.9.1;acosf/archersys - 1.0;laravel-plus/wordpress - v1.0.6;org.webjars:mirador:2.3.0;org.webjars.npm:alpaca:no_fix;org.webjars.npm:mirador:no_fix;org.webjars.npm:github-com-gitana-alpaca:no_fix;org.webjars.bower:tinymce-dist:4.2.5

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): LOW
