Search for packages
| purl | pkg:composer/tinymce/tinymce@7.1.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4v71-gmu2-akgq
Aliases: CVE-2024-38356 GHSA-9hcv-j9pv-qmph |
Duplicate This advisory duplicates another. |
Affected by 0 other vulnerabilities. |
|
VCID-nqmt-kv4x-juhy
Aliases: CVE-2024-38357 GHSA-w9jx-4g6g-rp7x |
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements A [cross-site scripting (XSS)](https://owasp.org/www-community/attacks/xss/) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-aqcy-kxr3-mkgm | TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. This vulnerability is fixed in 7.1.0. |
CVE-2026-47760
GHSA-mh5m-5hw4-5c69 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-07T05:03:34.090207+00:00 | GithubOSV Importer | Fixing | VCID-aqcy-kxr3-mkgm | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/06/GHSA-mh5m-5hw4-5c69/GHSA-mh5m-5hw4-5c69.json | 38.6.0 |
| 2026-06-06T05:08:56.822515+00:00 | GitLab Importer | Affected by | VCID-nqmt-kv4x-juhy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/tinymce/tinymce/CVE-2024-38357.yml | 38.6.0 |
| 2026-06-06T05:08:53.669387+00:00 | GitLab Importer | Affected by | VCID-4v71-gmu2-akgq | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/tinymce/tinymce/CVE-2024-38356.yml | 38.6.0 |