VYPR
High severity8.7NVD Advisory· Published May 28, 2026· Updated May 28, 2026

CVE-2026-47761

CVE-2026-47761

Description

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted data-mce-* attributes, which are executed when content is rendered. Impacts users of TinyMCE with the media plugin enabled. This vulnerability is fixed in 5.11.1, 7.9.3, and 8.5.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
tinymcenpm
>= 0
tinymcenpm
>= 6.0.0, < 7.9.37.9.3
tinymcenpm
>= 8.0.0, < 8.5.18.5.1
TinyMCENuGet
>= 0
TinyMCENuGet
>= 6.0.0, < 7.9.37.9.3
TinyMCENuGet
>= 8.0.0, < 8.5.18.5.1
tinymce/tinymcePackagist
>= 0
tinymce/tinymcePackagist
>= 6.0.0, < 7.9.37.9.3
tinymce/tinymcePackagist
>= 8.0.0, < 8.5.18.5.1

Affected products

5

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.