VYPR
High severity8.7NVD Advisory· Published May 28, 2026· Updated May 28, 2026

CVE-2026-47760

CVE-2026-47760

Description

TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. This vulnerability is fixed in 7.1.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
tinymcenpm
>= 6.8.0, < 7.1.07.1.0
TinyMCENuGet
>= 6.8.0, < 7.1.07.1.0
tinymce/tinymcePackagist
>= 6.8.0, < 7.1.07.1.0

Affected products

2
  • Tinymce/Tinymceinferred2 versions
    >=6.8.0,<7.1.0+ 1 more
    • (no CPE)range: >=6.8.0,<7.1.0
    • (no CPE)range: >=6.8.0, <7.1.0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.