Name of the Vulnerable Software and Affected Versions TinyMCE versions prior to 20.2.0 OpenMage magento-lts versions prior to 20.2.0

Description The TinyMCE WYSIWYG editor fails to filter scripts when rendering HTML in specially crafted HTML tags, allowing for potential exploitation. This issue can be exploited using the onmouseover attribute of an img element.

Recommendations For TinyMCE versions prior to 20.2.0, upgrade to version 20.2.0 or later. For OpenMage magento-lts versions prior to 20.2.0, upgrade to version 20.2.0 or later. As a temporary workaround, consider disabling the WYSIWYG editor features in the configuration until a patch is available. Restrict access to potentially vulnerable modules to minimize the risk of exploitation.