Security Advisories - tinymce/tinymce - Packagist

tinymce/tinymce Security Advisories for 6.6.0 (5)

[MEDIUM] TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes

PKSA-s5r2-shvb-ydth CVE-2024-29203 GHSA-438c-3975-5x3f

Affected version: <6.8.1

Reported by:
GitHub
[MEDIUM] TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements

PKSA-hdg2-6rxt-d4qn CVE-2024-29881 GHSA-5359-pvf2-pw78

Affected version: <7.0.0

Reported by:
GitHub
[MEDIUM] TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes

PKSA-mymm-sn83-mbb2 CVE-2023-48219 GHSA-v626-r774-j7f8

Affected version: >=6.0.0,<6.7.3|<5.10.9

Reported by:
GitHub
[MEDIUM] TinyMCE XSS vulnerability in notificationManager.open API

PKSA-m1dk-8wwc-991j CVE-2023-45819 GHSA-hgqx-r2hp-jr38

Affected version: <5.10.8|>=6.0.0,<6.7.1

Reported by:
GitHub
[MEDIUM] TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin

PKSA-49mb-wskm-8m9m CVE-2023-45818 GHSA-v65r-p3vv-jjfv

Affected version: <5.10.8|>=6.0.0,<6.7.1

Reported by:
GitHub