Lucene search

PRIOn knowledge basePRION:CVE-2024-21911

HistoryJan 03, 2024 - 4:15 p.m.

Cross site scripting

2024-01-0316:15:00

PRIOn knowledge base

www.prio-n.com

cross site scripting

tinymce

vulnerability

html

javascript

nvd

6.2 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.3%

JSON

TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user’s browser.

CPENameOperatorVersion
tinymcelt5.6.0

CPE	Name	Operator	Version
	tinymce	lt	5.6.0

References

github.com/advisories/GHSA-w7jx-j77m-wp65

github.com/tinymce/tinymce/security/advisories/GHSA-w7jx-j77m-wp65

vulncheck.com/advisories/vc-advisory-GHSA-w7jx-j77m-wp65

www.npmjs.com/package/tinymce

www.tiny.cloud/docs/release-notes/release-notes56/