TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code. This allowed `iframe` elements containing malicious code to execute when inserted into the editor. These `iframe` elements are restricted in their permissions by same-origin browser protections, but could still trigger operations such as downloading of malicious assets. This vulnerability is fixed in 6.8.1.
Metrics
Affected Vendors & Products
References
History
Tue, 02 Sep 2025 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Tiny
Tiny tinymce |
|
CPEs | cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:* | |
Vendors & Products |
Tiny
Tiny tinymce |

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2024-08-06T14:37:35.656Z
Reserved: 2024-03-18T17:07:00.096Z
Link: CVE-2024-29203

Updated: 2024-08-02T01:10:54.517Z

Status : Analyzed
Published: 2024-03-26T14:15:08.747
Modified: 2025-09-02T16:20:29.453
Link: CVE-2024-29203

No data.

Updated: 2025-07-13T11:31:30Z