Medium severity6.1OSV Advisory· Published Jan 3, 2024· Updated Jun 17, 2026
CVE-2024-21911
CVE-2024-21911
Description
TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tinymcenpm | < 5.6.0 | 5.6.0 |
TinyMCENuGet | < 5.6.0 | 5.6.0 |
tinymce/tinymcePackagist | < 5.6.0 | 5.6.0 |
Affected products
4- ghsa-coords3 versions
< 5.6.0+ 2 more
- (no CPE)range: < 5.6.0
- (no CPE)range: < 5.6.0
- (no CPE)range: < 5.6.0
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-w7jx-j77m-wp65nvdExploitThird Party AdvisoryADVISORY
- github.com/tinymce/tinymce/security/advisories/GHSA-w7jx-j77m-wp65nvdExploitThird Party AdvisoryWEB
- vulncheck.com/advisories/vc-advisory-GHSA-w7jx-j77m-wp65nvdThird Party Advisory
- www.npmjs.com/package/tinymcenvdRelease NotesWEB
- www.tiny.cloud/docs/release-notes/release-notes56/nvdRelease NotesWEB
News mentions
0No linked articles in our index yet.