Lucene search

PRIOn knowledge basePRION:CVE-2024-21908

HistoryJan 03, 2024 - 4:15 p.m.

Cross site scripting

2024-01-0316:15:00

PRIOn knowledge base

www.prio-n.com

tinymce

5.9.0

xss vulnerability

unauthenticated

remote attacker

arbitrary javascript

6.2 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.4%

JSON

TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user’s browser.

CPENameOperatorVersion
tinymcelt5.9.0

CPE	Name	Operator	Version
	tinymce	lt	5.9.0

References

github.com/advisories/GHSA-5h9g-x5rv-25wg

github.com/tinymce/tinymce/security/advisories/GHSA-5h9g-x5rv-25wg

vulncheck.com/advisories/vc-advisory-GHSA-5h9g-x5rv-25wg

www.tiny.cloud/docs/release-notes/release-notes59/