CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
20.6%
tinymce is vulnerable to mutation cross-site scripting (mXSS). The vulnerability is caused due to lack of sanitization in handling of text nodes.This could allow an attacker to inject malicious scripts.
github.com/tinymce/tinymce/commit/751e35f1419a6a060ded397dda1b2945bacaa711
github.com/tinymce/tinymce/commit/c8b267c6df01e0aabfe689a867ab936b1d21f50b
github.com/tinymce/tinymce/security/advisories/GHSA-v626-r774-j7f8
tiny.cloud/docs/release-notes/release-notes5109/
tiny.cloud/docs/tinymce/6/6.7.3-release-notes/