GHSA-p7j5-4mwm-hv86 – tinymce

Package

Manager: npm
Name: tinymce
Vulnerable Version: <0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: N/A

EPSS: N/A pctlN/A

Details

Duplicate Advisory: Cross-site scripting in TinyMCE ## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-27gm-ghr9-4v95. This link is maintained to preserve external references. ## Original Description TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.

Metadata

Created: 2021-05-06T17:28:14Z
Modified: 2023-06-27T16:50:42Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-p7j5-4mwm-hv86/GHSA-p7j5-4mwm-hv86.json
CWE IDs: ["CWE-79"]
Alternative ID: N/A
Finding: N/A
Auto approve: 0