Lucene search

K
nodejsAnonymousNODEJS:1680
HistoryMay 06, 2021 - 5:30 p.m.

Cross-site scripting in TinyMCE

2021-05-0617:30:02
Anonymous
www.npmjs.com
21

0.001 Low

EPSS

Percentile

41.3%

Overview

tinymce before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.

Recommendation

Upgrade to versions 4.9.7, 5.1.4 or later

References

CPENameOperatorVersion
tinymcelt4.9.7 || >=5.0.0 <5.1.4

0.001 Low

EPSS

Percentile

41.3%