Description
TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.
Remediation
References
https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95
https://www.tiny.cloud/docs/release-notes/release-notes514/#securityfixes