EIP-2026-112710
PRE-CVETinyMCE WYSIWYG Editor - Multiple Vulnerabilities
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-112710. PoCs published by mc2_s3lector.
AI-analyzed exploit summary This is a writeup describing XSS and SQL injection vulnerabilities in TinyMCE WYSIWYG editor, with examples of payloads and exploitation techniques. It includes dorks for finding vulnerable instances and sample attack vectors.
Description
TinyMCE WYSIWYG Editor - Multiple Vulnerabilities
Exploits (1)
exploitdb
WRITEUP
by mc2_s3lector · textwebappsphp
https://www.exploit-db.com/exploits/11358
This is a writeup describing XSS and SQL injection vulnerabilities in TinyMCE WYSIWYG editor, with examples of payloads and exploitation techniques. It includes dorks for finding vulnerable instances and sample attack vectors.
Classification
Writeup 80%
Attack Type
Xss | Sqli
Complexity
Trivial
Reliability
Theoretical
Target:
TinyMCE WYSIWYG editor (version not specified)
No auth needed
Prerequisites:
Vulnerable TinyMCE installation · Access to a vulnerable endpoint
mistral-large-3 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026