Lucene search
+L

4 matches found

Atlassian
Atlassian
added 2024/10/08 9:27 p.m.180 views

Upgrade tinyMCE to >= 7.0.0 to mitigate CVE-2024-29881/29203

h3. Issue Summary The current tinyMCE version used on the latest version of Jira is 5.10.9. There are two outstanding CVEs between the delta of 5.10.9 to 7.0.0 that don't seem to be backported yet: CVE-2024-29881 Detail - NVD|https://nvd.nist.gov/vuln/detail/CVE-2024-29881 CVE-2024-29203 Detail -...

4.3CVSS5.7AI score0.00722EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/15 7:26 a.m.20 views

Security Bulletin: IBM Maximo Application Suite uses tinymce-5.10.9.tgz which is vulnerable to CVE-2024-29203, CVE-2024-29881, and CVE-2024-29203.

Summary IBM Maximo Application Suite uses tinymce-5.10.9.tgz which is vulnerable to CVE-2024-29203, CVE-2024-29881, and CVE-2024-29203. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-29203 DESCRIPTION: TinyMCE is vulnerable to...

6.1CVSS4.8AI score0.00722EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/04/24 5:2 p.m.56 views

GHSA-VJWG-28GV-PM8H Pimcore TinyMCE Bundle - tinymce CVE-2024-29203, CVE-2024-29881

Impact The TineMCE Bundle uses tinymce version 6.7.3. CVEs for this version exists for 6.8.1: https://nvd.nist.gov/vuln/detail/CVE-2024-29203 https://nvd.nist.gov/vuln/detail/CVE-2024-29881 Patches The package should be updated to at least 6.8.1 to avoid XSS vulnerability. Workarounds Upgrade...

6.1CVSS4.6AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2024/03/26 2:15 p.m.9 views

CVE-2024-29203

TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content insertion code. This allowed iframe elements containing malicious code to execute when inserted into the editor. These iframe elements are restricted in their permissions by...

6.1CVSS6.8AI score0.00722EPSS
Exploits0References3
Rows per page
Query Builder