Duplicate Advisory: Cross-site scripting in TinyMCE
Moderate severity
GitHub Reviewed
Published
May 6, 2021
to the GitHub Advisory Database
•
Updated Jun 27, 2023
Withdrawn
This advisory was withdrawn on Jun 27, 2023
Description
Published by the National Vulnerability Database
Aug 10, 2020
Reviewed
May 5, 2021
Published to the GitHub Advisory Database
May 6, 2021
Withdrawn
Jun 27, 2023
Last updated
Jun 27, 2023
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-27gm-ghr9-4v95. This link is maintained to preserve external references.
Original Description
TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.
References