Description
TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.
Remediation
References
https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95
https://www.tiny.cloud/docs/release-notes/release-notes514/#securityfixes