js · tinymce · Critical
TinyMCE: Stored XSS via mce:protected comments
Stored XSS vulnerability via forged mce:protected comments allows attackers to bypass sanitization and inject scripts when content is restored.
What changed
Stored XSS vulnerability via forged mce:protected comments allows attackers to bypass sanitization and inject scripts when content is restored.
Who is affected
Users who use the protect option in TinyMCE.
What to do today
Update to TinyMCE 8.5.1 or higher, 7.9.3 or higher, or 5.11.1 LTS or higher.
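One way to check installed copies against the fixed releases listed above (an added example, not code from TinyMCE or from this advisory). It assumes an npm `package-lock.json` in lockfile v2/v3 layout, uses a constructed sample lockfile with hypothetical package names, and checks versions only, not whether `protect` is configured.

```javascript
// Added example. Fixed releases per major branch, copied from the advisory.
const FIXED = { 5: [5, 11, 1], 7: [7, 9, 3], 8: [8, 5, 1] };

function classifyTinymce(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version).trim());
  if (!m) return "unparseable";
  const v = [Number(m[1]), Number(m[2]), Number(m[3])];
  const fixed = FIXED[v[0]];
  // Assumption: branches the advisory does not name are reported, not guessed.
  if (!fixed) return "unlisted-branch";
  for (let i = 0; i < 3; i++) {
    if (v[i] !== fixed[i]) return v[i] > fixed[i] ? "patched" : "update-required";
  }
  // Same numbers as the fix: a pre-release tag sorts before the release.
  return m[4] ? "update-required" : "patched";
}

// Walk the "packages" map of a package-lock.json (lockfile v2/v3) and
// classify every installed copy of tinymce, including nested ones.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/tinymce" || path.endsWith("/node_modules/tinymce")) {
      findings.push({ path, version: meta.version, status: classifyTinymce(meta.version) });
    }
  }
  return findings;
}

// Constructed sample lockfile, not taken from a real project.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/tinymce": { version: "7.9.2" },
    "node_modules/cms-widget/node_modules/tinymce": { version: "8.5.1" },
    "node_modules/legacy-editor/node_modules/tinymce": { version: "6.8.4" },
    "node_modules/tinymce-helper": { version: "1.0.0" } // different package, ignored
  }
};

for (const f of auditLockfile(sampleLock)) {
  console.log(`${f.status.padEnd(16)} ${String(f.version).padEnd(8)} ${f.path}`);
}
```

Any copy reported as `unlisted-branch` needs a manual decision, since the advisory names no fixed release for that branch.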