PT-2023-33041 · Silverstripe · Silverstripe CMS

Published 2023-08-23 · Updated 2023-08-23

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

Silverstripe CMS version 4
TinyMCE versions 4.x
Description

The issue concerns several XSS vectors in TinyMCE 4.x that have been patched in later versions. These vulnerabilities affect silverstripe/admin and, by extension, Silverstripe CMS 4. Silverstripe CMS 5 is not affected because it uses TinyMCE 6.
Recommendations

For Silverstripe CMS version 4, apply the backported security patches to the TinyMCE version bundled in silverstripe/admin. For TinyMCE versions 4.x, consider upgrading to a later version in which these XSS vectors have been patched, if that is possible without introducing breaking changes.

XSS

Weakness Enumeration

Related Identifiers

GHSA-JXCX-3H54-QQXX

Affected Products

Silverstripe CMS