CVSS3 base score: 6.1 (Medium)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS score: 0.001 (Low)
EPSS percentile: 19.7%
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before being stored in the undo stack. If the HTML snippet is restored from the undo stack, the combination of the string manipulation and reparative parsing by either the browser’s native DOMParser API (TinyMCE 6) or the SaxParser API (TinyMCE 5) mutates the HTML maliciously, allowing an XSS payload to be executed. This vulnerability has been patched in TinyMCE 5.10.8 and TinyMCE 6.7.1 by ensuring HTML is trimmed using node-level manipulation instead of string manipulation. Users are advised to upgrade. There are no known workarounds for this vulnerability.
github.com/tinymce/tinymce/security/advisories/GHSA-v65r-p3vv-jjfv
launchpad.net/bugs/cve/CVE-2023-45818
nvd.nist.gov/vuln/detail/CVE-2023-45818
researchgate.net/publication/266654651_mXSS_attacks_Attacking_well-secured_web-applications_by_using_innerHTML_mutations
security-tracker.debian.org/tracker/CVE-2023-45818
tiny.cloud/docs/release-notes/release-notes5108/#securityfixes
tiny.cloud/docs/tinymce/6/6.7.1-release-notes/#security-fixes
www.cve.org/CVERecord?id=CVE-2023-45818
www.tiny.cloud/docs/api/tinymce.html/tinymce.html.saxparser/