php · tinymce · Critical
TinyMCE Stored XSS via forged mce:protected comments
What changed
A stored XSS vulnerability via forged mce:protected comments allows attackers to bypass sanitization and inject scripts when content is restored.
Who it affects
Users who utilize the protect option in TinyMCE.
What to do today
Upgrade to TinyMCE 8.5.1 or higher, TinyMCE 7.9.3 or higher, or TinyMCE 5.11.1 LTS or higher.
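Alongside the upgrade, content already saved through the editor can be audited for mce:protected comments. The following is an added example, not code from TinyMCE or from this advisory; it assumes the placeholder has the form `<!--mce:protected PERCENT-ENCODED-TEXT-->`, and the function names, pattern list and sample records are constructed for illustration.

```javascript
// Added example: audit stored HTML for mce:protected comments.
// Assumption: placeholder looks like <!--mce:protected PERCENT-ENCODED-TEXT-->.
const PROTECTED_RE = /<!--\s*mce:protected\s+([\s\S]*?)-->/gi;

// Markup that can execute script once the decoded text is put back in the page.
const ACTIVE_MARKUP = [
  /<\s*script\b/i,
  /<\s*(iframe|object|embed|svg|math)\b/i,
  /\son[a-z]+\s*=/i,
  /javascript\s*:/i,
];

// Percent-decode without throwing on malformed sequences.
function decodePayload(raw) {
  try {
    return decodeURIComponent(raw);
  } catch {
    return raw.replace(/%([0-9a-f]{2})/gi, (_, h) => String.fromCharCode(parseInt(h, 16)));
  }
}

// Return one finding per mce:protected comment found in `html`.
function auditProtectedComments(html) {
  const findings = [];
  for (const m of html.matchAll(PROTECTED_RE)) {
    const decoded = decodePayload(m[1].trim());
    const reasons = ACTIVE_MARKUP.filter((re) => re.test(decoded)).map((re) => re.source);
    findings.push({ offset: m.index, decoded, suspicious: reasons.length > 0, reasons });
  }
  return findings;
}

// Constructed sample records (not taken from the advisory).
const samples = {
  legitimate: '<p>Hi</p><!--mce:protected %3C%3Fphp%20echo%20%24name%3B%20%3F%3E-->',
  forged: '<p>Hi</p><!--mce:protected %3Cscript%3E%2F*%20constructed%20*%2F%3C%2Fscript%3E-->',
  clean: '<p>No placeholders here</p><!-- ordinary comment -->',
};

for (const [name, html] of Object.entries(samples)) {
  const hits = auditProtectedComments(html);
  console.log(name, hits.map((h) => ({ suspicious: h.suspicious, decoded: h.decoded })));
}
```

A flagged record is a lead for manual review rather than proof of compromise, because what a legitimate placeholder contains depends on the patterns a site passes to the protect option.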