Moderate severity · NVD Advisory · Published Mar 26, 2024 · Updated Aug 6, 2024

TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes

CVE-2024-29203

Description

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code. This allowed iframe elements containing malicious code to execute when inserted into the editor. These iframe elements are restricted in their permissions by same-origin browser protections, but could still trigger operations such as downloading of malicious assets. This vulnerability is fixed in 6.8.1.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                      Affected versions   Patched versions
tinymce (npm)                < 6.8.1             6.8.1
TinyMCE (NuGet)              < 6.8.1             6.8.1
tinymce/tinymce (Packagist)  < 6.8.1             6.8.1
