PT-2024-7087 · Tinymce+2

Malav-Mk · Published 2024-06-19 · Updated 2026-04-29 · CVE-2024-38357

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions
  • TinyMCE versions prior to 5.11.0 LTS
  • TinyMCE versions prior to 6.8.4
  • TinyMCE versions prior to 7.2.0

Description
A cross-site scripting (XSS) vulnerability was discovered in TinyMCE's content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor.

Recommendations
  • Upgrade to TinyMCE 5.11.0 LTS or higher for TinyMCE 5.x.
  • Upgrade to TinyMCE 6.8.4 or higher for TinyMCE 6.x.
  • Upgrade to TinyMCE 7.2.0 or higher for TinyMCE 7.x.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2024-08354
CVE-2024-38357
GHSA-W9JX-4G6G-RP7X
USN-8223-1

Affected Products

Linuxmint
Tinymce
Ubuntu