Описание
Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-5h9g-x5rv-25wg. This link is maintained to preserve external references.
Original Description
TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.
Ссылки
- https://github.com/tinymce/tinymce/security/advisories/GHSA-w7jx-j77m-wp65
- https://nvd.nist.gov/vuln/detail/CVE-2024-21911
- https://github.com/advisories/GHSA-w7jx-j77m-wp65
- https://vulncheck.com/advisories/vc-advisory-GHSA-w7jx-j77m-wp65
- https://www.npmjs.com/package/tinymce
- https://www.tiny.cloud/docs/release-notes/release-notes56/#securityfixes
Пакеты
Наименование
tinymce
npm
Затронутые версииВерсия исправления
Отсутствует
Дефекты
CWE-79
Дефекты
CWE-79