Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
TinyMCE Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2024-29203 - Vulnerability Database
TinyMCE

TinyMCE Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2024-29203

Medium
Reference: CVE-2024-29203
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2024-29203
Title: TinyMCE Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

TinyMCE is an open source rich text editor. Across-site scripting (XSS) vulnerability was discovered in TinyMCEs content insertion code. This allowed iframe elements containing malicious code to execute when inserted into the editor. These iframe elements are restricted in their permissions by same-origin browser protections but could still trigger operations such as downloading of malicious assets. This vulnerability is fixed in 6.8.1.