CVE-2019-1010091

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-1010091

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1010091.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-1010091

Aliases

GHSA-c78w-2gw7-gjv3

Downstream

UBUNTU-CVE-2019-1010091

Published

2019-07-17T17:15:13.200Z

Modified

2026-04-10T04:13:46.023269Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab.

References

https://github.com/tinymce/tinymce/issues/4394

Affected packages

Git / github.com/tinymce/tinymce

Affected ranges

Type

GIT

Repo

https://github.com/tinymce/tinymce

Events

Introduced

Fixed

f032ed3421213d8853d1037c9ada4d1caf33858b

Introduced

945bf35afd18fe97415652ae026b538ea7ffa8b8

Fixed

6f14016ca22b691e018c48037538cdf70a83cab5

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.9.10"
        },
        {
            "introduced": "5.0.0"
        },
        {
            "fixed": "5.2.2"
        }
    ]
}

Affected versions

2.*

2.0.7

2.0.9

2.1.1

2.1.2

3.*

3.0

3.0.1

3.0.2

3.0.2.1

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.9

3.0rc1

3.0rc2

3.1.0

3.2

3.2.0.2

3.2.1

3.2.1.1

3.2.2

3.2.2.1

3.2.2.2

3.2.3

3.2.6

3.2.7

3.3

3.3.1

3.3.2

3.3.3

3.3.4

3.3.5

3.3.6

3.3.7

3.3.8

3.3.9

3.3.9.1

3.3.9.2

3.3b1

3.3b2

3.3rc1

3.4

3.4.1

3.4.2

3.4.3

3.4.3.1

3.4.3.2

3.4.4

3.4.5

3.4.6

3.4.7

3.4.8

3.4.9

3.4b1

3.4b2

3.4b3

3.5

3.5.0.1

3.5.1

3.5.1.1

3.5.2

3.5.3

3.5.3.1

3.5.4

3.5.4.1

3.5.5

3.5.6

3.5.7

3.5.8

4.*

4.0

4.0.1

4.0.10

4.0.11

4.0.12

4.0.13

4.0.14

4.0.15

4.0.16

4.0.17

4.0.18

4.0.19

4.0.2

4.0.20

4.0.21

4.0.22

4.0.23

4.0.24

4.0.25

4.0.26

4.0.27

4.0.28

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.0.8

4.0.9

4.0b1

4.0b2

4.0b3

4.1.0

4.1.1

4.1.10

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6

4.1.7

4.1.8

4.1.9

4.2.0

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.2.6

4.2.7

4.3.0

4.3.1

4.3.10

4.3.11

4.3.12

4.3.13

4.3.2

4.3.3

4.3.4

4.3.6

4.3.7

4.3.8

4.3.9

4.4.0

4.4.1

4.4.2

4.4.3

4.5.0

4.5.1

4.5.2

4.5.3

4.6.0

4.6.1

4.6.2

4.6.3

4.6.4

4.6.5

4.6.6

4.6.7

4.7.0

4.7.1

4.7.10

4.7.11

4.7.12

4.7.13

4.7.2

4.7.3

4.7.4

4.7.5

4.7.6

4.7.7

4.7.8

4.7.9

4.8.0

4.8.1

4.8.2

4.8.3

4.8.4

4.8.5

4.9.0

4.9.1

4.9.2

4.9.3

4.9.4

4.9.5

4.9.6

4.9.7

4.9.8

4.9.9

5.*

5.0.14

5.0.15

5.2.0

5.2.1

@ephox/acid@1.*

@ephox/acid@1.0.34

@ephox/acid@1.0.35

@ephox/acid@1.0.36

@ephox/acid@1.0.37

@ephox/acid@1.0.38

@ephox/acid@1.0.39

@ephox/acid@1.0.40

@ephox/acid@1.0.41

@ephox/acid@1.0.42

@ephox/acid@1.0.43

@ephox/acid@1.0.44

@ephox/acid@1.0.45

@ephox/acid@1.0.68

@ephox/acid@1.0.69

@ephox/acid@1.0.70

@ephox/acid@1.0.71

@ephox/acid@1.0.72

@ephox/acid@1.0.73

@ephox/agar@4.*

@ephox/agar@4.13.22

@ephox/agar@4.13.23

@ephox/agar@4.13.24

@ephox/agar@4.13.25

@ephox/agar@4.13.26

@ephox/agar@4.13.27

@ephox/agar@4.13.28

@ephox/agar@4.13.29

@ephox/agar@4.13.30

@ephox/agar@4.13.31

@ephox/agar@4.13.32

@ephox/agar@4.13.33

@ephox/agar@4.15.1

@ephox/agar@4.15.2

@ephox/agar@4.15.3

@ephox/alloy@4.*

@ephox/alloy@4.15.10

@ephox/alloy@4.15.11

@ephox/alloy@4.15.12

@ephox/alloy@4.15.13

@ephox/alloy@4.15.14

@ephox/alloy@4.15.15

@ephox/alloy@4.15.16

@ephox/alloy@4.15.17

@ephox/alloy@4.15.6

@ephox/alloy@4.15.7

@ephox/alloy@4.15.8

@ephox/alloy@4.15.9

@ephox/alloy@6.*

@ephox/alloy@6.0.1

@ephox/alloy@6.0.2

@ephox/alloy@6.0.3

@ephox/alloy@6.0.4

@ephox/alloy@6.0.5

@ephox/alloy@6.0.6

@ephox/boss@3.*

@ephox/boss@3.0.30

@ephox/boss@3.0.31

@ephox/boss@3.0.32

@ephox/boss@3.0.33

@ephox/boss@3.0.34

@ephox/boss@3.0.35

@ephox/boss@3.0.36

@ephox/boss@3.0.37

@ephox/boss@3.1.1

@ephox/boss@3.1.2

@ephox/boss@3.1.3

@ephox/boulder@3.*

@ephox/boulder@3.3.26

@ephox/boulder@3.3.27

@ephox/boulder@3.3.28

@ephox/boulder@3.3.29

@ephox/boulder@4.*

@ephox/boulder@4.0.1

@ephox/boulder@4.0.2

@ephox/boulder@4.0.3

@ephox/bridge@1.*

@ephox/bridge@1.0.74

@ephox/bridge@1.0.75

@ephox/bridge@1.0.76

@ephox/bridge@1.0.77

@ephox/bridge@1.0.78

@ephox/bridge@1.1.1

@ephox/bridge@1.1.2

@ephox/bridge@1.1.3

@ephox/darwin@3.*

@ephox/darwin@3.0.25

@ephox/darwin@3.0.26

@ephox/darwin@3.0.27

@ephox/darwin@3.0.28

@ephox/darwin@3.0.29

@ephox/darwin@3.0.30

@ephox/darwin@3.0.31

@ephox/darwin@3.0.32

@ephox/darwin@4.*

@ephox/darwin@4.0.10

@ephox/darwin@4.0.11

@ephox/darwin@4.0.12

@ephox/darwin@4.0.13

@ephox/darwin@4.0.14

@ephox/darwin@4.0.9

@ephox/dragster@4.*

@ephox/dragster@4.0.22

@ephox/dragster@4.0.23

@ephox/dragster@4.0.24

@ephox/dragster@4.0.25

@ephox/dragster@4.0.26

@ephox/dragster@4.0.27

@ephox/dragster@4.0.28

@ephox/dragster@4.0.29

@ephox/dragster@4.0.44

@ephox/dragster@4.0.45

@ephox/dragster@4.0.46

@ephox/imagetools@3.*

@ephox/imagetools@3.2.10

@ephox/jax@4.*

@ephox/jax@4.1.17

@ephox/jax@4.1.18

@ephox/jax@4.1.19

@ephox/jax@4.1.20

@ephox/jax@4.1.30

@ephox/jax@4.1.31

@ephox/katamari-assertions@1.*

@ephox/katamari-assertions@1.0.2

@ephox/katamari-assertions@1.0.3

@ephox/katamari-assertions@1.0.4

@ephox/katamari@2.*

@ephox/katamari@2.4.28

@ephox/katamari@2.5.0

@ephox/katamari@2.5.1

@ephox/katamari@2.5.2

@ephox/katamari@5.*

@ephox/katamari@5.0.1

@ephox/katamari@5.0.2

@ephox/mcagar@4.*

@ephox/mcagar@4.0.21

@ephox/mcagar@4.0.22

@ephox/mcagar@4.0.23

@ephox/mcagar@4.0.24

@ephox/mcagar@4.0.25

@ephox/mcagar@4.0.26

@ephox/mcagar@4.0.27

@ephox/mcagar@4.0.28

@ephox/mcagar@4.0.29

@ephox/mcagar@4.0.30

@ephox/mcagar@4.0.31

@ephox/mcagar@4.0.32

@ephox/mcagar@4.1.1

@ephox/mcagar@4.1.2

@ephox/mcagar@4.1.3

@ephox/mcagar@4.1.4

@ephox/phoenix@5.*

@ephox/phoenix@5.0.32

@ephox/phoenix@5.0.33

@ephox/phoenix@5.0.34

@ephox/phoenix@5.0.35

@ephox/phoenix@5.0.36

@ephox/phoenix@5.0.37

@ephox/phoenix@5.0.38

@ephox/phoenix@5.0.39

@ephox/phoenix@5.1.1

@ephox/phoenix@5.1.2

@ephox/phoenix@5.1.3

@ephox/phoenix@5.1.4

@ephox/polaris@3.*

@ephox/polaris@3.0.32

@ephox/polaris@3.0.33

@ephox/polaris@3.0.34

@ephox/polaris@3.0.35

@ephox/polaris@3.0.45

@ephox/polaris@3.0.46

@ephox/polaris@3.0.47

@ephox/polaris@3.0.48

@ephox/porkbun@4.*

@ephox/porkbun@4.0.19

@ephox/porkbun@4.0.20

@ephox/porkbun@4.0.21

@ephox/porkbun@4.0.22

@ephox/porkbun@4.0.32

@ephox/porkbun@4.0.33

@ephox/robin@7.*

@ephox/robin@7.0.26

@ephox/robin@7.0.27

@ephox/robin@7.0.28

@ephox/robin@7.0.29

@ephox/robin@7.0.30

@ephox/robin@7.0.31

@ephox/robin@7.0.32

@ephox/robin@7.0.33

@ephox/robin@7.0.48

@ephox/robin@7.0.49

@ephox/robin@7.0.50

@ephox/robin@7.0.51

@ephox/sand@3.*

@ephox/sand@3.0.3

@ephox/sand@3.0.4

@ephox/sand@3.0.5

@ephox/sand@3.0.6

@ephox/sand@3.1.5

@ephox/sand@3.1.6

@ephox/snooker@5.*

@ephox/snooker@5.0.10

@ephox/snooker@5.0.3

@ephox/snooker@5.0.4

@ephox/snooker@5.0.5

@ephox/snooker@5.0.6

@ephox/snooker@5.0.7

@ephox/snooker@5.0.8

@ephox/snooker@5.0.9

@ephox/snooker@5.1.10

@ephox/snooker@5.1.11

@ephox/snooker@5.1.12

@ephox/snooker@5.1.7

@ephox/snooker@5.1.8

@ephox/snooker@5.1.9

@ephox/sugar@5.*

@ephox/sugar@5.0.0

@ephox/sugar@5.0.1

@ephox/sugar@5.0.2

@ephox/sugar@5.0.3

@ephox/sugar@5.0.4

@ephox/sugar@5.0.5

@ephox/sugar@5.0.6

@ephox/sugar@5.0.7

@ephox/sugar@5.1.1

@ephox/sugar@5.1.2

@ephox/sugar@5.1.3

@tinymce/oxide-icons-default@1.*

@tinymce/oxide-icons-default@1.3.1

@tinymce/oxide@1.*

@tinymce/oxide@1.0.233

@tinymce/oxide@1.0.234

@tinymce/oxide@1.0.235

@tinymce/oxide@1.0.236

@tinymce/oxide@1.2.1

@tinymce/oxide@1.2.2

@tinymce/oxide@1.2.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1010091.json"