TinyMCE · CVE-2024-21910
Name of the Vulnerable Software and Affected Versions:
TinyMCE versions prior to 5.10.0
Description:
A cross-site scripting vulnerability was discovered in the URL processing logic of the `image` and `link` plugins, allowing arbitrary JavaScript execution when an image or link is updated using a specially crafted URL. The issue only affects users while they are editing; the dangerous URLs are stripped from any content extracted from the editor.
Recommendations:
To resolve the issue, either:
- Upgrade to TinyMCE 5.10.0 or higher
- Disable the `image` and `link` plugins as a temporary workaround until a patch is available.
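The class of defect described above is a URL whose scheme is not validated before it is written into an `href` or `src` attribute. The following is an added example of the defensive check an integration can apply to URL values coming from an image or link dialog; it is not TinyMCE's own code and does not reproduce the patched logic. It assumes the integration can intercept the dialog value before insertion, and the base URL it uses is a placeholder that only exists so relative paths parse.

```javascript
// Added example (not TinyMCE's own code): a scheme allowlist for URLs that a
// user enters in an image or link dialog, applied before the value is written
// to an href/src attribute. PLACEHOLDER_BASE is a placeholder origin used only
// so that relative paths parse; any origin works.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:", "tel:"]);
const PLACEHOLDER_BASE = "https://example.invalid/";

// Returns the URL unchanged if its scheme is allowed, otherwise null.
// The WHATWG URL parser (global `URL` in browsers and Node) trims leading and
// trailing C0 controls and spaces, strips tabs and newlines, and lowercases
// the scheme, so "  JAVA\tSCRIPT:..." still resolves to the "javascript:"
// scheme instead of slipping through as a relative path.
function sanitizeUrl(rawUrl) {
  if (typeof rawUrl !== "string" || rawUrl.trim() === "") return null;
  let parsed;
  try {
    parsed = new URL(rawUrl, PLACEHOLDER_BASE);
  } catch {
    return null; // unparsable input is rejected rather than passed through
  }
  return ALLOWED_SCHEMES.has(parsed.protocol) ? rawUrl : null;
}

// Applies the check to a list of candidate attribute values and returns the
// ones that were rejected; useful when auditing what a user is editing.
function findRejectedUrls(candidates) {
  return candidates.filter((u) => sanitizeUrl(u) === null);
}

// Constructed sample inputs for a stand-alone run.
const samples = [
  "https://example.com/logo.png",
  "/docs/guide.html",
  "mailto:editor@example.com",
  "javascript:alert(1)",
  "  JAVA\tSCRIPT:alert(1)",
  "data:text/html,hi",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", sanitizeUrl(s) === null ? "rejected" : "allowed");
}
```

The allowlist deliberately omits `data:`; an integration that needs inline images should add it only for the specific media types it expects rather than the whole scheme, since `data:text/html` documents carry script.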