Lucene search
+L

3 matches found

github
github
added 2026/06/05 8:29 p.m.20 views

TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection

Impact Stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted data-mce- attributes, which are executed when content is rendered. Impacts users of TinyMCE with the media plugin enabled. Patches This vulnerability has been patched in TinyMCE 8.5.1, TinyMCE...

8.7CVSS5.3AI score0.00264EPSS
Exploits0References5Affected Software2
osv
osv
added 2026/06/05 8:29 p.m.12 views

GHSA-VG35-5WQ7-3X7W TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection

Impact Stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted data-mce- attributes, which are executed when content is rendered. Impacts users of TinyMCE with the media plugin enabled. Patches This vulnerability has been patched in TinyMCE 8.5.1, TinyMCE...

8.7CVSS5.3AI score0.00264EPSS
Exploits0References5
osv
osv
added 2026/05/28 3:20 p.m.4 views

CVE-2026-47761 TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted data-mce- attributes, which are executed when content is rendered. Impacts users of TinyMCE with the media...

8.7CVSS6AI score0.00264EPSS
Exploits0References5
Rows per page
Query Builder