mkzhx

2 exploits Active since Mar 2024
CVE-2024-29203 WRITEUP MEDIUM WRITEUP
TinyMCE < 6.8.1 - Cross-Site Scripting via Iframe Element Insertion
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code. This allowed `iframe` elements containing malicious code to execute when inserted into the editor. These `iframe` elements are restricted in their permissions by same-origin browser protections, but could still trigger operations such as downloading of malicious assets. This vulnerability is fixed in 6.8.1.
CVSS 4.3
CVE-2024-29881 WRITEUP MEDIUM WRITEUP
TinyMCE < 6.8.1 and 7.0.0 - Cross-Site Scripting via SVG in Object or Embed Elements
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could potentially contain a XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0.
CVSS 4.3