tinymce
js · tinymceCritical
TinyMCE XSS vulnerability via SVG namespace bypass in 6.8.x-7.0.x
TinyMCE 6.8.x-7.0.x contains an XSS vulnerability due to improper SVG namespace scope handling in the sanitizer, allowing crafted
09 Jun 2026 · act now
js · tinymceCritical
TinyMCE Stored XSS via Unsanitized data-mce-* Attributes
Stored XSS vulnerability via unsanitized data-mce-* attributes (data-mce-href, data-mce-src, data-mce-style).
09 Jun 2026 · act now
js · tinymceCritical
TinyMCE Stored XSS via forged mce:protected comments
Stored XSS vulnerability via forged mce:protected comments bypasses sanitization and injects scripts on content restore.
09 Jun 2026 · act now
js · tinymceCritical
TinyMCE media plugin stored XSS via data-mce-* attributes
Stored XSS vulnerability in the media plugin allows attackers to inject malicious scripts via crafted data-mce-* attributes.
09 Jun 2026 · act now