tinymce/tinymce Security Advisories for 4.9.10 (9)
- [MEDIUM] TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes
  PKSA-s5r2-shvb-ydth CVE-2024-29203 GHSA-438c-3975-5x3f
  Affected version: <6.8.1
  Reported by: GitHub
- [MEDIUM] TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements
  PKSA-hdg2-6rxt-d4qn CVE-2024-29881 GHSA-5359-pvf2-pw78
  Affected version: <7.0.0
  Reported by: GitHub
- [MEDIUM] TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
  PKSA-mymm-sn83-mbb2 CVE-2023-48219 GHSA-v626-r774-j7f8
  Affected version: >=6.0.0,<6.7.3|<5.10.9
  Reported by: GitHub
- [MEDIUM] TinyMCE XSS vulnerability in notificationManager.open API
  PKSA-m1dk-8wwc-991j CVE-2023-45819 GHSA-hgqx-r2hp-jr38
  Affected version: <5.10.8|>=6.0.0,<6.7.1
  Reported by: GitHub
- [MEDIUM] TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin
  PKSA-49mb-wskm-8m9m CVE-2023-45818 GHSA-v65r-p3vv-jjfv
  Affected version: <5.10.8|>=6.0.0,<6.7.1
  Reported by: GitHub
- [MEDIUM] Cross-site scripting vulnerability in TinyMCE alerts
  PKSA-t9cj-9h2r-fkgh CVE-2022-23494 GHSA-gg8r-xjwq-4w92
  Affected version: <5.10.7|>=6.0.0,<6.3.1
  Reported by: GitHub
- [MEDIUM] Cross-site scripting vulnerability in TinyMCE plugins
  PKSA-s6b9-gg3t-crbs CVE-2024-21910 GHSA-r8hm-w5f7-wj39
  Affected version: <5.10.0
  Reported by: GitHub
- [MEDIUM] Cross-site scripting vulnerability in TinyMCE
  PKSA-prcy-kppw-cnxf CVE-2024-21908 GHSA-5h9g-x5rv-25wg
  Affected version: <5.9.0
  Reported by: GitHub
- [MEDIUM] Cross-site scripting vulnerability in TinyMCE
  PKSA-gy5q-j464-j41z CVE-2024-21911 GHSA-w7jx-j77m-wp65
  Affected version: <5.6.0
  Reported by: GitHub