Vulnerability
CVE-2024-29881
[CVE-2024-29881] CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE?s content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could potentially contain a XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0.
Deviation Notice:
Sonatype's research suggests that this CVE's details differ from those
defined at NVD or other reporting sources; sign in for details.
Sign up and see:
Detailed deviation notices:
- Detailed deviations
- References
- Custom Descriptions [Coming Soon]