PT-2026-44389 · Tinymce · Tinymce
Maple3142
·
Published
2026-05-28
·
Updated
2026-06-05
·
CVE-2026-47760
CVSS v3.1
8.7
High
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
TinyMCE versions 6.8.0 through 7.0.x
Description
An XSS (Cross-Site Scripting) issue exists due to improper SVG namespace scope handling within the sanitizer. An attacker can use a crafted payload with nested elements to bypass attribute sanitization, allowing the execution of arbitrary JavaScript.
Recommendations
Update to version 7.1.0.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tinymce