VulnerableCode Package Details - pkg:npm/tinymce@4.3.7

Vulnerabilities affecting this package (9)

Vulnerability	Summary	Fixed by
VCID-1eut-y5qx-dkhu Aliases: CVE-2024-21908 GHSA-5h9g-x5rv-25wg GMS-2021-132 GMS-2021-163 GMS-2021-189	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in tinymce.	5.9.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-4vw1-8jp2-hua7 Aliases: GHSA-5vm8-hhgr-jcjp GMS-2021-190	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in tinymce.	5.7.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-9brg-dm6s-2ba7 Aliases: CVE-2024-21911 GHSA-w7jx-j77m-wp65 GMS-2021-193 GMS-2021-508 GMS-2021-616	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in tinymce.	5.6.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-cz6w-pdan-rfa4 Aliases: GHSA-vrv8-v4w8-f95h GMS-2020-789	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in tinymce.	4.9.11 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.4.1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-e8m3-ecws-efeg Aliases: CVE-2019-1010091 GHSA-c78w-2gw7-gjv3	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') tinymce The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab.	4.9.10 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.2.2 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-qngh-qsty-nkhh Aliases: CVE-2020-12648	Cross-site Scripting A cross-site scripting (XSS) vulnerability in TinyMCE allows remote attackers to inject arbitrary web script when configured in classic editing mode.	4.9.11 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.4.1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-r9zu-cdb9-8ubc Aliases: GHSA-h96f-fc7c-9r55 GMS-2021-191	Regex denial of service vulnerability in codesample plugin A regex denial of service (ReDoS) vulnerability was discovered in a dependency of the `codesample` plugin.	5.6.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vyvk-n5gm-1uc8 Aliases: CVE-2024-21910 GHSA-r8hm-w5f7-wj39 GMS-2021-133 GMS-2021-164 GMS-2021-192 GMS-2021-8	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in TinyMCE.	5.10.0 Affected by 0 other vulnerabilities.
VCID-yxpz-j48p-dydc Aliases: CVE-2020-17480 GHSA-27gm-ghr9-4v95	Cross-site Scripting TinyMCE allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.	4.9.7 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.1.4 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Next non-vulnerable version	5.10.0
Latest non-vulnerable version	7.2.0
Risk	4.0

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T01:04:35.400732+00:00	GitLab Importer	Affected by	VCID-vyvk-n5gm-1uc8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tinymce/GMS-2021-192.yml	38.6.0
2026-06-06T01:03:40.946360+00:00	GitLab Importer	Affected by	VCID-1eut-y5qx-dkhu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tinymce/GMS-2021-189.yml	38.6.0
2026-06-06T00:43:18.236973+00:00	GitLab Importer	Affected by	VCID-4vw1-8jp2-hua7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tinymce/GMS-2021-190.yml	38.6.0
2026-06-04T20:43:03.176856+00:00	GitLab Importer	Affected by	VCID-r9zu-cdb9-8ubc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tinymce/GMS-2021-191.yml	38.6.0
2026-06-04T20:43:02.309293+00:00	GitLab Importer	Affected by	VCID-9brg-dm6s-2ba7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tinymce/GMS-2021-193.yml	38.6.0
2026-06-04T20:34:09.164170+00:00	GitLab Importer	Affected by	VCID-qngh-qsty-nkhh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tinymce/CVE-2020-12648.yml	38.6.0
2026-06-04T20:34:05.066980+00:00	GitLab Importer	Affected by	VCID-cz6w-pdan-rfa4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tinymce/GMS-2020-789.yml	38.6.0
2026-06-04T20:34:03.011374+00:00	GitLab Importer	Affected by	VCID-yxpz-j48p-dydc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tinymce/CVE-2020-17480.yml	38.6.0
2026-06-04T20:30:11.389577+00:00	GitLab Importer	Affected by	VCID-e8m3-ecws-efeg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tinymce/CVE-2019-1010091.yml	38.6.0