TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could potentially contain a XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0.
Metrics
Affected Vendors & Products
References
History
Tue, 02 Sep 2025 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Tiny
Tiny tinymce |
|
CPEs | cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:* | |
Vendors & Products |
Tiny
Tiny tinymce |

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2024-08-02T17:59:24.301Z
Reserved: 2024-03-21T15:12:08.997Z
Link: CVE-2024-29881

Updated: 2024-08-02T01:17:58.006Z

Status : Analyzed
Published: 2024-03-26T14:15:09.070
Modified: 2025-09-02T16:17:16.510
Link: CVE-2024-29881

No data.

Updated: 2025-07-13T11:22:23Z