CVE-2024-29881

TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements

Severity Score

4.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could potentially contain a XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0.

TinyMCE es un editor de texto enriquecido de código abierto. Se descubrió una vulnerabilidad de cross-site scripting (XSS) en el código de carga e inserción de contenido de TinyMCE. Se podría cargar una imagen SVG a través de un elemento "objeto" o "incrustar" y esa imagen podría contener potencialmente un payload XSS. Esta vulnerabilidad se solucionó en 6.8.1 y 7.0.0.

*Credits: N/A

CVSS Scores

GitHubv3.1 4.3

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-21 CVE Reserved
2024-03-26 CVE Published
2024-03-27 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (4)

URL	Tag	Source
https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1	X_refsource_misc
https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78	X_refsource_confirm
https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types	X_refsource_misc
https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Tinymce Search vendor "Tinymce"		Tinymce Search vendor "Tinymce" for product "Tinymce"				< 7.0.0 Search vendor "Tinymce" for product "Tinymce" and version " < 7.0.0"		en		Affected