Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:38393
HistoryDec 09, 2022 - 7:26 a.m.

Cross-site Scripting (XSS)

2022-12-0907:26:35
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
tinymce
xss
vulnerability
dialog.ts
injection
javascript

0.002 Low

EPSS

Percentile

54.9%

tinymce is vulnerable to cross-site scripting. The vulnerability exists in pBodyMessage function of Dialog.ts due to lack of sanitization in alert and confirm messages which allows an attacker to inject and execute malicious JavaScript.

0.002 Low

EPSS

Percentile

54.9%