tinymce
dotnet · tinymceCritical
TinyMCE 6.8.x-7.0.x XSS via SVG namespace handling
TinyMCE 6.8.x-7.0.x contains an XSS vulnerability due to improper SVG namespace scope handling in the sanitizer, allowing arbitrar
09 Jun 2026 · act now
dotnet · tinymceCritical
TinyMCE Stored XSS via data-mce-* attributes
Stored XSS vulnerability via unsanitized data-mce-* attributes (data-mce-href, data-mce-src, data-mce-style).
09 Jun 2026 · act now
dotnet · tinymceCritical
TinyMCE Stored XSS via forged mce:protected comments
Stored XSS vulnerability via forged mce:protected comments allows attackers to bypass sanitization and inject scripts when content
09 Jun 2026 · act now
dotnet · tinymceCritical
TinyMCE Media Plugin Stored XSS Vulnerability
Stored XSS vulnerability in the media plugin allows attackers to inject malicious scripts via crafted data-mce-* attributes.
09 Jun 2026 · act now