CVE-2026-47761
HIGH SEVERITYCVSS Score & Metrics
Base Score
8.7 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Vulnerability Description
TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted data-mce-* attributes, which are executed when content is rendered. Impacts users of TinyMCE with the media plugin enabled. This vulnerability is fixed in 5.11.1, 7.9.3, and 8.5.1.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-79
Source
NVD
Vendor
tinymce
Product
tinymce
Discussion (0)
Add Comment
No comments yet. Be the first!