CVE-2024-29881

Опубликовано: 26 мар. 2024

Источник: nvd

CVSS3: 4.3

CVSS3: 6.1

EPSS Низкий

Описание

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an object or embed element and that image could potentially contain a XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*

Версия до 6.8.1 (исключая)

cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*

Версия от 6.8.2 (включая) до 7.0.0 (исключая)

EPSS

Процентиль: 88%

0.03986

Низкий

4.3 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

CVE-2024-29881

CVSS3: 4.3

ubuntu

почти 2 года назад

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could potentially contain a XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0.

CVE-2024-29881

CVSS3: 4.3

debian

почти 2 года назад

TinyMCE is an open source rich text editor. A cross-site scripting (X ...

GHSA-5359-pvf2-pw78

CVSS3: 4.3

github

почти 2 года назад

TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements

EPSS

Процентиль: 88%

0.03986

Низкий

4.3 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79