Description

TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.

Remediation

References

https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95

https://www.tiny.cloud/docs/release-notes/release-notes514/#securityfixes

Related Vulnerabilities

CVE-2022-45868 Vulnerability in maven package com.h2database:h2

CVE-2020-11979 Vulnerability in maven package org.apache.ant:ant

CVE-2020-28271 Vulnerability in npm package deephas

CVE-2022-3509 Vulnerability in maven package com.google.protobuf:protobuf-javalite

CVE-2020-10727 Vulnerability in maven package org.apache.activemq:artemis-server

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Exploit Release Notes Third Party Advisory Vendor Advisory