GHSA-wxj2-777f-vxmf

Опубликовано: 03 янв. 2024

Источник: github

Github: Прошло ревью

Описание

Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE plugins

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-5h9g-x5rv-25wg. This link is maintained to preserve external references.

Original Description

TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.

Ссылки

https://github.com/tinymce/tinymce/security/advisories/GHSA-r8hm-w5f7-wj39
https://nvd.nist.gov/vuln/detail/CVE-2024-21910
https://github.com/jazzband/django-tinymce/issues/366
https://github.com/advisories/GHSA-r8hm-w5f7-wj39
https://github.com/jazzband/django-tinymce/releases/tag/3.4.0
https://pypi.org/project/django-tinymce/3.4.0
https://vulncheck.com/advisories/vc-advisory-GHSA-r8hm-w5f7-wj39

Пакеты

Наименование

tinymce

npm

Затронутые версииВерсия исправления

Отсутствует

Дефекты

CWE-79

Дефекты

CWE-79