[HIGH] TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes

PKSA-rf1b-835f-6yyv CVE-2026-47759 GHSA-q742-qvgc-gc2f

Affected package: tinymce/tinymce

Affected version: >=8.0.0,<8.5.1|>=6.0.0,<7.9.3|<5.11.1

Reported by:
GitHub