Every CVE whose affected-product data names Tiny Tinymce, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2026-47762 — CVSS 8.7 (high): TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected…
CVE-2026-47761 — CVSS 8.7 (high): TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability in the media plugin…
CVE-2026-47760 — CVSS 8.7 (high): TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG…
CVE-2026-47759 — CVSS 8.7 (high): TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized…
CVE-2023-45819 — CVSS 6.1 (medium): TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s Notification Manager…
CVE-2023-48219 — CVSS 6.1 (medium): TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core…
CVE-2024-21908 — CVSS 6.1 (medium): TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could…
CVE-2019-1010091 — CVSS 6.1 (medium): tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code…
CVE-2024-21911 — CVSS 6.1 (medium): TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could…
CVE-2024-21910 — CVSS 6.1 (medium): TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce…
CVE-2020-12648 — CVSS 6.1 (medium): A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when…
CVE-2020-17480 — CVSS 6.1 (medium): TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the…
CVE-2023-45818 — CVSS 6.1 (medium): TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo…
CVE-2022-23494 — CVSS 5.4 (medium): tinymce is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when…
CVE-2024-29881 — CVSS 4.3 (medium): TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and…
CVE-2024-29203 — CVSS 4.3 (medium): TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion…