TinyMCE Cross-Site Scripting Vulnerability

Go back

severity: medium
date: January 3, 2024
Affecting: TinyMCE versions less than 5.6.0
CVE: CVE-2024-21911
CVE type: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 4.3
CVSS V3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References: Vendor advisory
Related link
Related link
Third party advisory