CVE-2024-21908

Description

TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another users browser.

Risk Information

Base Score

6.1

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Score

Exploitation Probability

0.365

Associated Vulnerability

Vulnerability	OS Platform
Vulnerabilities CVE-2024-21908 are fixed in Nuget - TinyMCE 5.9.0	Windows
Vulnerabilities CVE-2024-21908 are fixed in Nuget - TinyMCE for Linux 5.9.0	Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234