CVE-2024-21910: Cross-site scripting vulnerability in TinyMCE plugins

First published: Tue Nov 02 2021(Updated: )

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5h9g-x5rv-25wg. This link is maintained to preserve external references. ### Original Description TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.

Credit: disclosure@vulncheck.com disclosure@vulncheck.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/github-advisory-latest
• alias/GHSA-r8hm-w5f7-wj39
• alias/CVE-2024-21910
• alias/GHSA-wxj2-777f-vxmf
• agent/type
• agent/last-modified-date
• agent/first-publish-date
• agent/references
• agent/author
• collector/nvd-api
• source/NVD
• agent/software-canonical-lookup
• agent/severity
• agent/title
• agent/weakness
• agent/softwarecombine
• collector/github-advisory
• source/GitHub
• collector/nvd-cve
• agent/event
• agent/description
• agent/tags
• collector/epss-latest
• source/FIRST
• agent/epss
• collector/mitre-cve
• source/MITRE
• package-manager/pip
• package-manager/nuget
• package-manager/composer
• package-manager/npm
• vendor/tiny
• canonical/tiny tinymce