GHSA-w9jx-4g6g-rp7x: TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements

June 19, 2024

A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor.

References

github.com/advisories/GHSA-w9jx-4g6g-rp7x
github.com/tinymce/tinymce
github.com/tinymce/tinymce/security/advisories/GHSA-w9jx-4g6g-rp7x

Detect and mitigate GHSA-w9jx-4g6g-rp7x with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →