6 matches found
Upgrade tinyMCE to >= 7.0.0 to mitigate CVE-2024-29881/29203
Issue Summary: The current tinyMCE version used on the latest version of Jira is 5.10.9. There are two outstanding CVEs between the delta of 5.10.9 to 7.0.0 that don't seem to be backported yet: CVE-2024-29881 Detail - NVD (https://nvd.nist.gov/vuln/detail/CVE-2024-29881) CVE-2024-29203 Detail -...
Security Bulletin: IBM Maximo Application Suite uses tinymce-5.10.9.tgz which is vulnerable to CVE-2024-29203, CVE-2024-29881, and CVE-2024-29203.
Summary IBM Maximo Application Suite uses tinymce-5.10.9.tgz which is vulnerable to CVE-2024-29203, CVE-2024-29881, and CVE-2024-29203. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-29203 DESCRIPTION: TinyMCE is vulnerable to...
Security Bulletin: Maximo Asset Management - There is a vulnerability in tinymce-6.7.3.min.js used by IBM Maximo Asset Management application (CVE-2024-29881)
Summary There is a vulnerability in tinymce-6.7.3.min.js used by IBM Maximo Asset Management application. CVE-2024-29881. Vulnerability Details CVEID:CVE-2024-29881 DESCRIPTION: TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the external SVG...
GHSA-VJWG-28GV-PM8H Pimcore TinyMCE Bundle - tinymce CVE-2024-29203, CVE-2024-29881
Impact: The TinyMCE Bundle uses tinymce version 6.7.3. CVEs for this version exist for 6.8.1: https://nvd.nist.gov/vuln/detail/CVE-2024-29203 https://nvd.nist.gov/vuln/detail/CVE-2024-29881 Patches: The package should be updated to at least 6.8.1 to avoid XSS vulnerability. Workarounds: Upgrade...
17fe-ui23 (>=0.0.0 <=0.0.24), 3h1-ui (>=3.0.0-liingyun.1 <=3.0.0-next.258) +1770 more potentially affected by CVE-2024-29881 via tinymce (>=4.5.1 <=6.8.6)
tinymce NPM version =4.5.1, =0.0.0, =3.0.0-liingyun.1, =0.0.1, =12.1.0, =0.0.1, =0.1.0, =4.1.0, =1.0.0-beta.1, =4.1.2-rc, =1.0.0, =0.1.2, =0.3.7, =0.1.7, =0.3.0 and more Source cves: CVE-2024-29881 Source advisory: OSV:GHSA-5359-PVF2-PW78...
CVE-2024-29881
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. An SVG image could be loaded through an object or embed element and that image could potentially contain an XSS payload. This vulnerability is...