TinyMCE Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2024-29881 - Vulnerability Database

TinyMCE

TinyMCE Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2024-29881

Medium

Reference: CVE-2024-29881

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2024-29881

Title: TinyMCE Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCEs content loading and content inserting code. A SVG image could be loaded though an object or embed element and that image could potentially contain a XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0.