CVE-2026-47762

HIGH SEVERITY

CVSS Score & Metrics

Base Score

8.7 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N                                    

Vulnerability Description

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and inject scripts that execute when content is restored. Impacts users who utilize the protect option. This vulnerability is fixed in 5.11.1, 7.9.3, and 8.5.1.

Vulnerability Details

Published Date

May 28, 2026

Last Modified

May 28, 2026

CWE ID

CWE-79

Source

NVD

Vendor

tinymce

Product

tinymce

External References

https://github.com/tinymce/tinymce/security/advisories/GHSA-v98h-vmpc-fpqv
https://www.tiny.cloud/docs/tinymce/7/7.9.3-release-notes/#overview
https://www.tiny.cloud/docs/tinymce/8/8.5.1-release-notes/#overview

CVE-2026-47762

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment