Description
TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.
Remediation
References
Related Vulnerabilities
WordPress Plugin NextGEN Gallery-WordPress Gallery Information Disclosure (1.9.11)
WeBid Server-Side Request Forgery (SSRF) Vulnerability (CVE-2022-41477)
MediaWiki CVE-2022-28209 Vulnerability (CVE-2022-28209)
TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-21338)
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-0213)