Impact
The TinyMCE Bundle uses tinymce version 6.7.3. The following CVEs exist for versions <6.8.1, which includes this one:
https://nvd.nist.gov/vuln/detail/CVE-2024-29203
https://nvd.nist.gov/vuln/detail/CVE-2024-29881
Patches
The package should be updated to at least 6.8.1 to avoid the XSS vulnerability.
Workarounds
Upgrade Pimcore to release 11.2.3 or 11.1.6.5.
References
https://nvd.nist.gov/vuln/detail/CVE-2024-29203
https://nvd.nist.gov/vuln/detail/CVE-2024-29881