4 matches found
Upgrade tinyMCE to >= 7.0.0 to mitigate CVE-2024-29881/29203
h3. Issue Summary The current tinyMCE version used on the latest version of Jira is 5.10.9. There are two outstanding CVEs between the delta of 5.10.9 to 7.0.0 that don't seem to be backported yet: CVE-2024-29881 Detail - NVD|https://nvd.nist.gov/vuln/detail/CVE-2024-29881 CVE-2024-29203 Detail -...
Security Bulletin: IBM Maximo Application Suite uses tinymce-5.10.9.tgz which is vulnerable to CVE-2024-29203, CVE-2024-29881, and CVE-2024-29203.
Summary IBM Maximo Application Suite uses tinymce-5.10.9.tgz which is vulnerable to CVE-2024-29203, CVE-2024-29881, and CVE-2024-29203. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-29203 DESCRIPTION: TinyMCE is vulnerable to...
GHSA-VJWG-28GV-PM8H Pimcore TinyMCE Bundle - tinymce CVE-2024-29203, CVE-2024-29881
Impact The TineMCE Bundle uses tinymce version 6.7.3. CVEs for this version exists for 6.8.1: https://nvd.nist.gov/vuln/detail/CVE-2024-29203 https://nvd.nist.gov/vuln/detail/CVE-2024-29881 Patches The package should be updated to at least 6.8.1 to avoid XSS vulnerability. Workarounds Upgrade...
CVE-2024-29203
TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content insertion code. This allowed iframe elements containing malicious code to execute when inserted into the editor. These iframe elements are restricted in their permissions by...