Description
TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.
Remediation
References
Related Vulnerabilities
Joomla Incorrect Authorization Vulnerability (CVE-2010-1435)
WordPress Plugin Search Everything SQL Injection (8.1.5)
WordPress Plugin ACF:Better Search Cross-Site Request Forgery (3.3.0)
Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2018-1999042)
Sqlite Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2019-19646)