CVE-2024-21911

TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.
Configurations

Configuration 1 (hide)

cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:55

Type Values Removed Values Added
References () https://github.com/advisories/GHSA-w7jx-j77m-wp65 - Exploit, Third Party Advisory () https://github.com/advisories/GHSA-w7jx-j77m-wp65 - Exploit, Third Party Advisory
References () https://github.com/tinymce/tinymce/security/advisories/GHSA-w7jx-j77m-wp65 - Exploit, Third Party Advisory () https://github.com/tinymce/tinymce/security/advisories/GHSA-w7jx-j77m-wp65 - Exploit, Third Party Advisory
References () https://vulncheck.com/advisories/vc-advisory-GHSA-w7jx-j77m-wp65 - Third Party Advisory () https://vulncheck.com/advisories/vc-advisory-GHSA-w7jx-j77m-wp65 - Third Party Advisory
References () https://www.npmjs.com/package/tinymce - Release Notes () https://www.npmjs.com/package/tinymce - Release Notes
References () https://www.tiny.cloud/docs/release-notes/release-notes56/#securityfixes - Release Notes () https://www.tiny.cloud/docs/release-notes/release-notes56/#securityfixes - Release Notes

08 Jan 2024, 19:46

Type Values Removed Values Added
CWE CWE-79
References () https://www.tiny.cloud/docs/release-notes/release-notes56/#securityfixes - () https://www.tiny.cloud/docs/release-notes/release-notes56/#securityfixes - Release Notes
References () https://www.npmjs.com/package/tinymce - () https://www.npmjs.com/package/tinymce - Release Notes
References () https://github.com/advisories/GHSA-w7jx-j77m-wp65 - () https://github.com/advisories/GHSA-w7jx-j77m-wp65 - Exploit, Third Party Advisory
References () https://github.com/tinymce/tinymce/security/advisories/GHSA-w7jx-j77m-wp65 - () https://github.com/tinymce/tinymce/security/advisories/GHSA-w7jx-j77m-wp65 - Exploit, Third Party Advisory
References () https://vulncheck.com/advisories/vc-advisory-GHSA-w7jx-j77m-wp65 - () https://vulncheck.com/advisories/vc-advisory-GHSA-w7jx-j77m-wp65 - Third Party Advisory
First Time Tiny tinymce
Tiny
CPE cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1

03 Jan 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-03 16:15

Updated : 2024-11-21 08:55


NVD link : CVE-2024-21911

Mitre link : CVE-2024-21911

CVE.ORG link : CVE-2024-21911


JSON object : View

Products Affected

tiny

  • tinymce
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')