top of page
perceptive_background_267k.jpg

TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in…

Published:

27 mei 2026 om 22:00:00

Alert date:

28 mei 2026 om 19:09:38

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Supply Chain & Dependencies

TinyMCE versions 6.8.0 to before 7.1.0 contain an XSS vulnerability due to improper SVG namespace scope handling in the sanitizer. Attackers can craft payloads using nested SVG elements to bypass attribute sanitization and execute arbitrary JavaScript. This cross-site scripting vulnerability affects the open source rich text editor's security controls. The vulnerability has been patched in version 7.1.0. Organizations using affected versions should upgrade immediately to prevent potential exploitation.

Technical details

Mitigation steps:

Affected products:

TinyMCE

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-47760
https://github.com/tinymce/tinymce/security/advisories/GHSA-mh5m-5hw4-5c69

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page