FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

TinyMCE -- mXSS in multiple plugins

Affected packages
tinymce < 6.7.3
roundcube < 1.6.6,1

Details

VuXML ID 9532a361-b84d-11ee-b0d7-84a93843eb75
Discovery 2023-11-15
Entry 2024-01-23

TinyMCE reports:

Special characters in unescaped text nodes can trigger mXSS when using TinyMCE undo/redo, getContentAPI, resetContentAPI, and Autosave plugin

[source]

References

CVE Name CVE-2023-48219
URL https://github.com/roundcube/roundcubemail/releases/tag/1.6.6
URL https://github.com/tinymce/tinymce/security/advisories/GHSA-v626-r774-j7f8

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.