tinymce/tinymce Security Advisories for 6.6.0 (5)
-
[MEDIUM] TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes
PKSA-s5r2-shvb-ydth CVE-2024-29203 GHSA-438c-3975-5x3f
Affected version: <6.8.1
Reported by:
GitHub -
[MEDIUM] TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements
PKSA-hdg2-6rxt-d4qn CVE-2024-29881 GHSA-5359-pvf2-pw78
Affected version: <7.0.0
Reported by:
GitHub -
[MEDIUM] TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
PKSA-mymm-sn83-mbb2 CVE-2023-48219 GHSA-v626-r774-j7f8
Affected version: >=6.0.0,<6.7.3|<5.10.9
Reported by:
GitHub -
[MEDIUM] TinyMCE XSS vulnerability in notificationManager.open API
PKSA-m1dk-8wwc-991j CVE-2023-45819 GHSA-hgqx-r2hp-jr38
Affected version: <5.10.8|>=6.0.0,<6.7.1
Reported by:
GitHub -
[MEDIUM] TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin
PKSA-49mb-wskm-8m9m CVE-2023-45818 GHSA-v65r-p3vv-jjfv
Affected version: <5.10.8|>=6.0.0,<6.7.1
Reported by:
GitHub