Lucene search

Ubuntu.comUB:CVE-2024-21908

HistoryJan 03, 2024 - 12:00 a.m.

CVE-2024-21908

2024-01-0300:00:00

ubuntu.com

tinymce

cross-site scripting

vulnerability

html

javascript

unix

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.9

Confidence

High

EPSS

0.002

Percentile

57.3%

JSON

TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting
vulnerability. An unauthenticated and remote attacker could insert crafted
HTML into the editor resulting in arbitrary JavaScript execution in another
user’s browser.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchtinymce< anyUNKNOWN
ubuntu20.04noarchtinymce< anyUNKNOWN
ubuntu16.04noarchtinymce< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	tinymce	< any	UNKNOWN
ubuntu	20.04	noarch	tinymce	< any	UNKNOWN
ubuntu	16.04	noarch	tinymce	< any	UNKNOWN

References

github.com/advisories/GHSA-5h9g-x5rv-25wg

github.com/tinymce/tinymce/security/advisories/GHSA-5h9g-x5rv-25wg

launchpad.net/bugs/cve/CVE-2024-21908

nvd.nist.gov/vuln/detail/CVE-2024-21908

security-tracker.debian.org/tracker/CVE-2024-21908

vulncheck.com/advisories/vc-advisory-GHSA-5h9g-x5rv-25wg

www.cve.org/CVERecord?id=CVE-2024-21908

www.tiny.cloud/docs/release-notes/release-notes59/#securityfixes

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.9

Confidence

High

EPSS

0.002

Percentile

57.3%

JSON

Related for UB:CVE-2024-21908