Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/tinymce/tinymce@7.2.0
purl pkg:composer/tinymce/tinymce@7.2.0
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-4v71-gmu2-akgq Duplicate This advisory duplicates another. CVE-2024-38356
GHSA-9hcv-j9pv-qmph
VCID-nqmt-kv4x-juhy TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements A [cross-site scripting (XSS)](https://owasp.org/www-community/attacks/xss/) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. CVE-2024-38357
GHSA-w9jx-4g6g-rp7x

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-05T21:45:35.069799+00:00 GHSA Importer Fixing VCID-4v71-gmu2-akgq https://github.com/advisories/GHSA-9hcv-j9pv-qmph 38.6.0
2026-06-05T21:45:33.402386+00:00 GHSA Importer Fixing VCID-nqmt-kv4x-juhy https://github.com/advisories/GHSA-w9jx-4g6g-rp7x 38.6.0
2026-06-04T16:51:04.587451+00:00 GithubOSV Importer Fixing VCID-4v71-gmu2-akgq https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-9hcv-j9pv-qmph/GHSA-9hcv-j9pv-qmph.json 38.6.0
2026-06-04T16:50:43.081321+00:00 GithubOSV Importer Fixing VCID-nqmt-kv4x-juhy https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-w9jx-4g6g-rp7x/GHSA-w9jx-4g6g-rp7x.json 38.6.0
2026-06-04T16:21:58.868110+00:00 GitLab Importer Fixing VCID-nqmt-kv4x-juhy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/tinymce/tinymce/CVE-2024-38357.yml 38.6.0
2026-06-04T16:21:58.748676+00:00 GitLab Importer Fixing VCID-4v71-gmu2-akgq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/tinymce/tinymce/CVE-2024-38356.yml 38.6.0