top of page
perceptive_background_267k.jpg

TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in…

Published:

27 mei 2026 om 22:00:00

Alert date:

28 mei 2026 om 20:05:25

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies

TinyMCE versions 6.8.0 to before 7.1.0 contain a cross-site scripting (XSS) vulnerability in the SVG sanitizer. The vulnerability stems from improper SVG namespace scope handling, allowing attackers to craft payloads using nested elements that bypass attribute sanitization. This enables execution of arbitrary JavaScript code in the context of the application. The vulnerability has been patched in version 7.1.0.

Technical details

Mitigation steps:

Affected products:

TinyMCE

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-47760
https://github.com/tinymce/tinymce/security/advisories/GHSA-mh5m-5hw4-5c69

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page