He1D3N

**Name of the Vulnerable Software and Affected Versions** TinyMCE versions prior to 5.11.1 TinyMCE versions prior to 7.9.3 TinyMCE versions prior to 8.5.1 **Description** A stored Cross-Site Scripting (XSS) issue exists due to unsanitized `data-mce-*` attributes, specifically `data-mce-href`, `data-mce-src`, and `data-mce-style`. This allows attackers to inject malicious values that override safe attributes during serialization, effectively bypassing validation. **Recommendations** Update to version 5.11.1 LTS or higher. Update to version 7.9.3 or higher. Update to version 8.5.1 or higher.

**Name of the Vulnerable Software and Affected Versions** TinyMCE versions prior to 5.11.1 TinyMCE versions prior to 7.9.3 TinyMCE versions prior to 8.5.1 **Description** A stored Cross-Site Scripting (XSS) issue exists via forged mce:protected comments. This allows attackers to bypass sanitization and inject scripts that execute when content is restored. The issue impacts users who utilize the protect option. **Recommendations** Update to version 5.11.1 Update to version 7.9.3 Update to version 8.5.1