TinyMCE Plugins Suffer from Cross-Site Scripting Vulnerability

Go back

severity: medium
date: January 3, 2024
Affecting: TinyMCE versions less than 5.10.0
CVE: CVE-2024-21910
CVE type: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 6.1
CVSS V3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References: Vendor advisory
Issue tracking
Related link
Related link
Third party advisory