Description
TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.
Remediation
References
Related Vulnerabilities
MySQL CVE-2021-2162 Vulnerability (CVE-2021-2162)
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.15)
Contao Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-10641)
WordPress Plugin Polylang Cross-Site Scripting (1.5.1)
WordPress Plugin CP Reservation Calendar SQL Injection (1.1.6)