Cross-site Scripting (XSS)

tinymce is vulnerable to cross-site scripting. The vulnerability exists in pBodyMessage function of Dialog.ts due to lack of sanitization in alert and confirm messages which allows an attacker to inject and execute malicious JavaScript...