TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.
References
Link | Resource |
---|---|
https://github.com/advisories/GHSA-r8hm-w5f7-wj39 | Exploit Third Party Advisory |
https://github.com/jazzband/django-tinymce/issues/366 | Issue Tracking Third Party Advisory |
https://github.com/jazzband/django-tinymce/releases/tag/3.4.0 | Release Notes |
https://github.com/tinymce/tinymce/security/advisories/GHSA-r8hm-w5f7-wj39 | Third Party Advisory |
https://pypi.org/project/django-tinymce/3.4.0/ | Release Notes |
https://vulncheck.com/advisories/vc-advisory-GHSA-r8hm-w5f7-wj39 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: VulnCheck
Published: 2024-01-03T15:55:27.061Z
Updated: 2024-01-03T15:55:27.061Z
Reserved: 2024-01-03T14:21:17.583Z
Link: CVE-2024-21910
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-03T16:15:09.090
Modified: 2024-01-08T19:46:25.757
Link: CVE-2024-21910
JSON object: View
Redhat Information
No data.
CWE