Description
TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.
Remediation
References
Related Vulnerabilities
PHP Other Vulnerability (CVE-2004-0959)
Drupal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-25277)
WordPress Plugin Chameleon CSS SQL Injection (1.2)
Internet Information Services Improper Authentication Vulnerability (CVE-2009-1535)
WordPress Plugin Keyword Strategy Internal Links Multiple Cross-Site Scripting Vulnerabilities (2.0)