• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

TinyMCE Compressor Multiple Vulnerabilities

TinyMCE Compressor is prone to multiple remote vulnerabilities.

The script is affected by a file disclosure vulnerability. Information gathered through the exploitation of this issue may aid in other attacks.

The script is also affected by multiple cross-site scripting and HTML injection vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

TinyMCE Compressor 1.0.5 and prior versions are vulnerable to these issues.