Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
TinyMCE Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2026-47761 - Vulnerability Database
TinyMCE

TinyMCE Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2026-47761

Medium
Reference: CVE-2026-47761
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2026-47761
Title: TinyMCE Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

TinyMCE is an open source rich text editor. Prior to 5.11.1 7.9.3 and 8.5.1 there is a stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted data-mce- attributes which are executed when content is rendered. Impacts users of TinyMCE with the media plugin enabled. This vulnerability is fixed in 5.11.1 7.9.3 and 8.5.1.