Advisories for Pypi/Django-Tinymce package

2024

TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements

A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor.

TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option

A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditable_regexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from the editor.

2021

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in django-tinymce.