Description

TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.

Remediation

References

CVE-2024-21911

Related Vulnerabilities

WordPress Plugin Stock Ticker Security Bypass (3.23.0)

WordPress Plugin WPE Indoshipping Multiple Remote File Inclusion Vulnerabilities (2.5.0)

Undertow Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-1745)

WordPress Plugin Site Reviews Multiple Vulnerabilities (6.5.1)

WordPress Plugin WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection-StopBadBots Unspecified Vulnerability (6.66)

Severity

Medium

Classification

CVE-2024-21911 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities