PT-2024-5043 · Tinymce+2

Ekimchau · Published 2024-06-19 · Updated 2026-04-29 · CVE-2024-38356

CVSS v2.0: 6.4 Medium
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions:
  • TinyMCE versions prior to 5.11.0 LTS
  • TinyMCE versions prior to 6.8.4
  • TinyMCE versions prior to 7.2.0
Description: A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content extraction code. When the noneditable regexp option was in use, specially crafted HTML attributes containing malicious code could be executed when content was extracted from the editor.
Recommendations:
  • Upgrade to TinyMCE 5.11.0 LTS or higher for TinyMCE 5.x.
  • Upgrade to TinyMCE 6.8.4 or higher for TinyMCE 6.x.
  • Upgrade to TinyMCE 7.2.0 or higher for TinyMCE 7.x.
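
A dependency check built from the fixed versions listed above, as an added example that is not part of the original advisory: it scans the `packages` map of an npm `package-lock.json` for `tinymce` entries and classifies each one. The function names and the sample lockfile are constructed; treating majors below 5 as affected is an assumption based on a literal reading of "prior to 5.11.0".

```javascript
// Added example: audit tinymce versions in a package-lock.json against
// the fixed releases named in this advisory (5.11.0, 6.8.4, 7.2.0).
const FIXED = { 5: [5, 11, 0], 6: [6, 8, 4], 7: [7, 2, 0] };

// Parse "x.y.z" with an optional pre-release suffix such as "-rc.1".
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v).trim());
  return m ? { nums: m.slice(1, 4).map(Number), pre: Boolean(m[4]) } : null;
}

// Compare two [major, minor, patch] triples: -1, 0 or 1.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns "affected", "fixed" or "unknown" (version string not parseable).
function classify(version) {
  const v = parseVersion(version);
  if (!v) return "unknown";
  const major = v.nums[0];
  if (major < 5) return "affected"; // assumption: literal "prior to 5.11.0"
  const fixed = FIXED[major];
  if (!fixed) return "fixed"; // major above 7 is later than 7.2.0
  const c = compare(v.nums, fixed);
  // A pre-release of the fixed version sorts before the release itself.
  return c < 0 || (c === 0 && v.pre) ? "affected" : "fixed";
}

// Collect every tinymce copy in the lockfile, including nested ones.
function auditLock(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/tinymce" || path.endsWith("/node_modules/tinymce")) {
      findings.push({ path, version: meta.version, status: classify(meta.version) });
    }
  }
  return findings;
}

// Constructed sample lockfile fragment (not from any real project).
const sampleLock = { packages: {
  "node_modules/tinymce": { version: "6.8.3" },
  "node_modules/cms-widget/node_modules/tinymce": { version: "7.2.0" },
  "node_modules/legacy-form/node_modules/tinymce": { version: "5.10.9" },
} };
console.log(auditLock(sampleLock));
```

Nested copies matter here because a transitive dependency can pin its own older TinyMCE even after the top-level package is upgraded.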

Exploit · Fix · XSS

Related Identifiers

BDU:2024-05570
CVE-2024-38356
GHSA-9HCV-J9PV-QMPH
USN-8223-1

Affected Products

Linuxmint
Tinymce
Ubuntu