js · tinymceCritical
TinyMCE media plugin stored XSS via data-mce-* attributes
Stored XSS vulnerability in the media plugin allows attackers to inject malicious scripts via crafted data-mce-* attributes.
What changed
Stored XSS vulnerability in the media plugin allows attackers to inject malicious scripts via crafted data-mce-* attributes.
Who it affects
Users of TinyMCE with the media plugin enabled.
What to do today
Upgrade to TinyMCE 8.5.1, 7.9.3, or 5.11.1 LTS or higher.
The trail
Collected→
Audited→
Written→
Published