3 matches found
CVE-2024-21908 Cross-site scripting vulnerability in TinyMCE
TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser...
CVE-2024-21908
CVE-2024-21908 (TinyMCE) : Affected software versions are TinyMCE before 5.9.0. The issue is a stored cross-site scripting vulnerability where an unauthenticated, remote attacker can insert crafted HTML into the editor, leading to arbitrary JavaScript execution in another user’s browser. Root cau...
3h1-ui (>=2.14.41 <=3.0.0-next.258), @abt-desk/apm (>=0.0.1 <=0.33.12) +1291 more potentially affected by CVE-2024-21908 via tinymce (>=4.5.1 <=5.8.2)
tinymce NPM version =4.5.1, =2.14.41, =0.0.1, =0.1.0, =0.1.2, =0.3.7, =0.1.7, =0.1.0, =0.0.1, =1.0.0, =0.2.0-0, =1.0.18-beta.8, =1.0.0, =1.2.3-beta.1, =0.1.1, =0.1.11 and more Source cves: CVE-2024-21908 Source advisory: OSV:GHSA-5H9G-X5RV-25WG...