Moxiecode Tinymce Compressor Php : Security vulnerabilities, CVEs

Copy

CVE-2005-4600

Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter.

Max CVSS

6.4

EPSS Score

0.64%

Published

2005-12-31

Updated

2018-10-19

CVE-2005-4599

Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to inject arbitrary web script or HTML via the index parameter.

Max CVSS

4.3

EPSS Score

0.49%

Published

2005-12-31

Updated

2018-10-19

2 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!