0.001 Low
EPSS
Percentile
44.8%
tinymce is vulnerable to Cross-Site Scripting. The library does not properly sanitise the input to the media element, allowing users to paste malicious content to media element’s embed tab to execute arbitrary Javascript code.
github.com/tinymce/tinymce/issues/4394