TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2024-01-03T15:59:00.305Z

Updated: 2024-08-01T22:35:34.709Z

Reserved: 2024-01-03T14:21:17.583Z

Link: CVE-2024-21911

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2024-01-03T16:15:09.170

Modified: 2024-01-08T19:46:14.513

Link: CVE-2024-21911

cve-icon Redhat

No data.