CVE-2024-29203
CVSS V2 None
CVSS V3 None
Description
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code. This allowed `iframe` elements containing malicious code to execute when inserted into the editor. These `iframe` elements are restricted in their permissions by same-origin browser protections, but could still trigger operations such as downloading of malicious assets. This vulnerability is fixed in 6.8.1.
Overview
- CVE ID
- CVE-2024-29203
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-03-26T13:23:53.673Z
- Last Modified Date
- 2024-03-26T13:23:53.673Z
Weakness Enumerations
References
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-29203 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29203 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-26 02:21:58 | Added to TrackCVE |