PT-2023-33068 · Tinymce · Tinymce
Published: 2023-04-26 · Updated: 2023-04-26
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
TinyMCE versions 4.9.10 and earlier
TinyMCE versions 5.4.0 and earlier
Description
A cross-site scripting (XSS) issue was found in the core parser of TinyMCE, allowing arbitrary JavaScript execution when inserting specially crafted content into the editor via the clipboard or APIs.
Recommendations
For TinyMCE versions 4.9.10 and earlier, update to a version higher than 4.9.10 to resolve the issue.
For TinyMCE versions 5.4.0 and earlier, update to a version higher than 5.4.0 to resolve the issue.
Fix
Related Identifiers
Affected Products
Tinymce