Lucene search
HistoryJan 03, 2024 - 4:15 p.m.
CVE-2024-21908
tinymce
versions
5.9.0
stored
cross-site scripting
vulnerability
unauthenticated
remote attacker
crafted html
arbitrary javascript execution
another user's browser
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.002 Low
EPSS
Percentile
57.4%
TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user’s browser.
Affected configurations
Node
tinytinymceRange<5.9.0
Related
cvelist
cvelist
CVE-2024-21908 Cross-site scripting vulnerability in TinyMCE
2024-01-03 15:38:09
osv
osv
Cross-site scripting vulnerability in TinyMCE
2021-10-22 16:24:02
CVE-2024-21908
2024-01-03 16:15:08
cve
cve
CVE-2024-21908
2024-01-03 16:15:08
debiancve
debiancve
CVE-2024-21908
2024-01-03 16:15:08
ubuntucve
ubuntucve
CVE-2024-21908
2024-01-03 00:00:00
github
github
Cross-site scripting vulnerability in TinyMCE
2021-10-22 16:24:02
prion
prion
Cross site scripting
2024-01-03 16:15:00
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.002 Low
EPSS
Percentile
57.4%
Related for NVD:CVE-2024-21908