TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could potentially contain a XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| tinymce/tinymce(Packagist) | 0 | 7.0.0 | N/A |
| tinymce(npm) | 0 | 7.0.0 | N/A |
| TinyMCE(NuGet) | 0 | 7.0.0 | N/A |
CVSS Metrics
