Cross-site scripting vulnerabilities in old version of bundled TinyMCE
Moderate severity
GitHub Reviewed
Published Apr 26, 2023 in silverstripe/silverstripe-admin • Updated Apr 27, 2023
Description
Published to the GitHub Advisory Database: Apr 26, 2023
Reviewed: Apr 26, 2023
Last updated: Apr 27, 2023
An old version of TinyMCE includes an XSS vulnerability, which was patched in a later version. This was described by TinyMCE:
We reviewed the potential impact of this vulnerability within the context of Silverstripe CMS. We concluded this is a medium impact vulnerability given how TinyMCE is used by Silverstripe CMS.
Reported by: Developers at ACC