Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-38357

Опубликовано: 19 июн. 2024
Источник: debian
EPSS Низкий

Описание

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. This vulnerability has been patched in TinyMCE 7.2.0, TinyMCE 6.8.4 and TinyMCE 5.11.0 LTS by ensuring that content within noscript elements are properly parsed. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
tinymceremovedpackage

Примечания

  • https://github.com/tinymce/tinymce/security/advisories/GHSA-w9jx-4g6g-rp7x

  • https://github.com/tinymce/tinymce/commit/5acb741665a98e83d62b91713c800abbff43b00d

EPSS

Процентиль: 81%
0.01485
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2024-38357

CVSS3: 6.1
ubuntu
больше 1 года назад

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. This vulnerability has been patched in TinyMCE 7.2.0, TinyMCE 6.8.4 and TinyMCE 5.11.0 LTS by ensuring that content within noscript elements are properly parsed. Users are advised to upgrade. There are no known workarounds for this vulnerability.

nvd логотип

CVE-2024-38357

CVSS3: 6.1
nvd
больше 1 года назад

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. This vulnerability has been patched in TinyMCE 7.2.0, TinyMCE 6.8.4 and TinyMCE 5.11.0 LTS by ensuring that content within noscript elements are properly parsed. Users are advised to upgrade. There are no known workarounds for this vulnerability.

github логотип

GHSA-w9jx-4g6g-rp7x

CVSS3: 6.1
github
больше 1 года назад

TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements

fstec логотип

BDU:2024-08354

CVSS3: 6.1
fstec
больше 1 года назад

Уязвимость редактора форматированного текста TinyMCE, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)

EPSS

Процентиль: 81%
0.01485
Низкий