tinymce
php · tinymceCritical
TinyMCE Stored XSS via data-mce-* Attributes
Stored XSS vulnerability via unsanitized data-mce-* attributes (data-mce-href, data-mce-src, data-mce-style).
09 Jun 2026 · act now
php · tinymceCritical
TinyMCE Stored XSS via forged mce:protected comments
Stored XSS vulnerability via forged mce:protected comments allows attackers to bypass sanitization and inject scripts when content
09 Jun 2026 · act now
php · tinymceCritical
TinyMCE Media Plugin Stored XSS Vulnerability
A stored XSS vulnerability in the media plugin allows attackers to inject malicious scripts via crafted data-mce-* attributes.
09 Jun 2026 · act now