PT-2026-44389 · Tinymce · Tinymce

Maple3142

·

Published

2026-05-28

·

Updated

2026-06-05

·

CVE-2026-47760

CVSS v3.1

8.7

High

VectorAV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions TinyMCE versions 6.8.0 through 7.0.x
Description An XSS (Cross-Site Scripting) issue exists due to improper SVG namespace scope handling within the sanitizer. An attacker can use a crafted payload with nested elements to bypass attribute sanitization, allowing the execution of arbitrary JavaScript.
Recommendations Update to version 7.1.0.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-47760
GHSA-MH5M-5HW4-5C69

Affected Products

Tinymce