Описание
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code. This allowed iframe elements containing malicious code to execute when inserted into the editor. These iframe elements are restricted in their permissions by same-origin browser protections, but could still trigger operations such as downloading of malicious assets. This vulnerability is fixed in 6.8.1.
Ссылки
- Patch
- Vendor Advisory
- Release Notes
- Release Notes
- Patch
- Vendor Advisory
- Release Notes
- Release Notes
Уязвимые конфигурации
Одно из
EPSS
4.3 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
Связанные уязвимости
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code. This allowed `iframe` elements containing malicious code to execute when inserted into the editor. These `iframe` elements are restricted in their permissions by same-origin browser protections, but could still trigger operations such as downloading of malicious assets. This vulnerability is fixed in 6.8.1.
TinyMCE is an open source rich text editor. Across-site scripting (XSS ...
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes
EPSS
4.3 Medium
CVSS3
6.1 Medium
CVSS3