PT-2023-32976 · Silverstripe · Silverstripe Cms

Published: 2023-07-31 · Updated: 2023-07-31

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Silverstripe CMS version 4
TinyMCE versions 4.x

Description

The issue concerns several XSS vectors in TinyMCE 4.x that have been patched in later versions. Two of these vectors affect the silverstripe/admin module. The security patches from later TinyMCE releases have been backported to the version bundled in silverstripe/admin to address the issue.

Recommendations

For Silverstripe CMS version 4, apply the backported security patches to the TinyMCE version bundled in silverstripe/admin. For TinyMCE versions 4.x, consider upgrading to a later version that includes the security patches for the XSS vectors, if possible, or apply the necessary security patches.

Fix

Related Identifiers

GHSA-4Q66-G4MM-8RG5

Affected Products

Silverstripe Cms