Description
TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. This vulnerability is fixed in 7.1.0.
Remediation
References
Related Vulnerabilities
Squid Uncontrolled Recursion Vulnerability (CVE-2023-50269)
MySQL CVE-2019-2592 Vulnerability (CVE-2019-2592)
WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.20)
EspoCRM Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-32789)
WordPress Authentication Bypass Using an Alternate Path or Channel Vulnerability (CVE-2020-4050)