Cross-Site Scripting (XSS) Vulnerability in TinyMCE Versions before 5.10.0

Cross-Site Scripting (XSS) Vulnerability in TinyMCE Versions before 5.10.0

CVE-2024-21910 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.

Learn more about our User Device Pen Test.