dotnet · tinymceCritical
TinyMCE Media Plugin Stored XSS Vulnerability
Stored XSS vulnerability in the media plugin allows attackers to inject malicious scripts via crafted data-mce-* attributes.
What changed
Stored XSS vulnerability in the media plugin allows attackers to inject malicious scripts via crafted data-mce-* attributes.
Who it affects
Users of TinyMCE with the media plugin enabled.
What to do today
Upgrade to TinyMCE 8.5.1, 7.9.3, or 5.11.1 LTS (commercial) to patch the vulnerability.
The trail
Collected→
Audited→
Written→
Published