This repository has been archived by the owner on Mar 21, 2022. It is now read-only.
WS-2021-0413 (Medium) detected in tinymce-5.4.2.tgz #158
Labels: security vulnerability (Security vulnerability detected by WhiteSource)
WS-2021-0413 - Medium Severity Vulnerability
Vulnerable Library - tinymce-5.4.2.tgz
Web based JavaScript HTML WYSIWYG editor control.
Library home page: https://registry.npmjs.org/tinymce/-/tinymce-5.4.2.tgz
Path to dependency file: /web-library/package.json
Path to vulnerable library: /web-library/node_modules/tinymce/package.json
Dependency Hierarchy:
Found in base branch: main
Vulnerability Details
A cross-site scripting (XSS) vulnerability was discovered in the URL processing logic of the image and link plugins. The vulnerability allowed arbitrary JavaScript execution when updating an image or link using a specially crafted URL. This issue only impacted users while editing, and the dangerous URLs were stripped from any content extracted from the editor. This impacts all users who are using TinyMCE 5.9.2 or lower.
Publish Date: 2021-11-02
URL: WS-2021-0413
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-r8hm-w5f7-wj39
Release Date: 2021-11-02
Fix Resolution: 5.10.0