Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
TinyMCE Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2026-47759 - Vulnerability Database
TinyMCE

TinyMCE Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2026-47759

Medium
Reference: CVE-2026-47759
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2026-47759
Title: TinyMCE Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

TinyMCE is an open source rich text editor. Prior to 5.11.1 7.9.3 and 8.5.1 there is a stored XSS vulnerability via unsanitized data-mce- attributes (data-mce-href data-mce-src data-mce-style). Allows attackers to inject malicious values that override safe attributes during serialization bypassing validation. This vulnerability is fixed in 5.11.1 7.9.3 and 8.5.1.