CVE-2024-21910 Cross-site scripting vulnerability in TinyMCE plugins

2024-01-0315:55:27

CWE-79

VulnCheck

www.cve.org

cross-site scripting

tinymce

version 5.10.0

vulnerability

remote attacker

crafted urls

arbitrary javascript

0.004 Low

EPSS

Percentile

73.6%

JSON

TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user’s browser.

CNA Affected

[
  {
    "collectionURL": "https://nuget.org/packages",
    "defaultStatus": "unaffected",
    "packageName": "TinyMCE",
    "versions": [
      {
        "lessThan": "5.10.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver 2.0.0"
      }
    ]
  }
]