php · tinymce · Critical
TinyMCE 6.8.x-7.0.x: XSS via SVG namespace bypass
What changed
TinyMCE 6.8.x through 7.0.x has an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. Crafted nested <svg> elements can bypass attribute sanitization and execute arbitrary JavaScript.
Who is affected
Users of TinyMCE versions 6.8.x through 7.0.x.
What to do today
Update to TinyMCE 7.1.0 or later to fix the vulnerability.
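To find out whether a project pins a version in the affected range, the following added example (not part of the original advisory or of TinyMCE) checks parsed lockfiles against the range stated above. It assumes the Composer package name `tinymce/tinymce` and the npm package name `tinymce`; the sample lockfiles are constructed.

```javascript
// Affected range as stated in the advisory: 6.8.x through 7.0.x, fixed in 7.1.0.
const FIRST_AFFECTED = [6, 8, 0];
const FIRST_FIXED = [7, 1, 0];

// Parse "v7.0.1" or "6.8.3" into [major, minor, patch]; null if unparseable.
function parseVersion(raw) {
  const m = /^v?(\d+)\.(\d+)(?:\.(\d+))?/.exec(String(raw).trim());
  return m ? [Number(m[1]), Number(m[2]), Number(m[3] || 0)] : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// true / false, or null when the version string needs manual review.
function isAffected(raw) {
  const v = parseVersion(raw);
  if (!v) return null;
  return compare(v, FIRST_AFFECTED) >= 0 && compare(v, FIRST_FIXED) < 0;
}

// Collect TinyMCE entries from a parsed composer.lock or package-lock.json (v2/v3).
function findTinymce(lock) {
  const hits = [];
  const pk = lock.packages;
  if (Array.isArray(pk)) {
    // composer.lock: arrays of { name, version }
    for (const p of [...pk, ...(lock['packages-dev'] || [])]) {
      if (p.name === 'tinymce/tinymce') hits.push({ where: p.name, version: p.version });
    }
  } else if (pk && typeof pk === 'object') {
    // package-lock.json v2/v3: object keyed by install path, nested copies included
    for (const [path, p] of Object.entries(pk)) {
      if (/(^|\/)node_modules\/tinymce$/.test(path)) hits.push({ where: path, version: p.version });
    }
  }
  return hits.map((h) => ({ ...h, affected: isAffected(h.version) }));
}

// Constructed sample lockfiles (not taken from any real project).
const composerLock = { packages: [{ name: 'tinymce/tinymce', version: '6.8.3' }, { name: 'monolog/monolog', version: '3.5.0' }], 'packages-dev': [] };
const npmLock = { lockfileVersion: 3, packages: { '': { name: 'demo' }, 'node_modules/tinymce': { version: '7.1.0' }, 'node_modules/cms-widget/node_modules/tinymce': { version: '7.0.1' } } };

console.log(findTinymce(composerLock));
console.log(findTinymce(npmLock));
```

The nested `node_modules/.../node_modules/tinymce` entry shows why the top-level dependency alone is not enough: a transitive copy can stay in the affected range after the direct dependency is upgraded.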