First published: Fri Oct 22 2021(Updated: )
TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.
Credit: disclosure@vulncheck.com disclosure@vulncheck.com
Affected Software | Affected Version | How to fix |
---|---|---|
composer/tinymce/tinymce | <5.9.0 | 5.9.0 |
nuget/TinyMCE | <5.9.0 | 5.9.0 |
npm/tinymce | <5.9.0 | 5.9.0 |
Tiny Tinymce | <5.9.0 | |
<5.9.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.