Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

tinymce — Vulnerabilities & Security Advisories 13

All 13 CVE vulnerabilities found in tinymce, with AI-generated Chinese analysis, references, and POCs.

This page documents vulnerability aggregations for the TinyMCE rich text editor product within the software category. It compiles security advisories and reported weaknesses associated with various releases of this popular web-based editor. The collected data covers vulnerabilities discovered and disclosed from early 2019 through the present day, ensuring a comprehensive view of the product's security history over more than five years. By centralizing these records, the page enables security researchers and administrators to efficiently track vendor advisories as they are issued. Users can also gain a deeper understanding of specific weakness classes that frequently affect TinyMCE, such as cross-site scripting or path traversal issues. Furthermore, the interface allows for a detailed look up of a product’s vulnerability history, providing chronological context for how risks have evolved and been patched over time. This resource is designed to support incident response, risk assessment, and proactive maintenance strategies for teams relying on TinyMCE. By presenting this information in a structured format, the page facilitates better decision-making regarding version upgrades and configuration hardening. The goal is to provide transparent access to security data without overwhelming the reader with redundant information. This aggregation serves as a single point of reference for understanding the security posture of TinyMCE across different major and minor versions. It highlights patterns in how the vendor addresses critical flaws and communicates them to the community.

Vendor: tinymce

CVE IDTitleCVSSSeverityPublished
CVE-2026-47762 TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments CWE-79 8.7 High2026-05-28
CVE-2026-47761 TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection CWE-79 8.7 High2026-05-28
CVE-2026-47759 TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes CWE-79 8.7 High2026-05-28
CVE-2026-47760 TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs CWE-79 8.7 High2026-05-28
CVE-2024-38357 TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements CWE-79 6.1 Medium2024-06-19
CVE-2024-38356 TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option CWE-79 6.1 Medium2024-06-19
CVE-2024-29881 TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements CWE-79 4.3 Medium2024-03-26
CVE-2024-29203 TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes CWE-79 4.3 Medium2024-03-26
CVE-2023-48219 Special characters in unescaped text nodes can trigger mXSS in TinyMCE CWE-79 6.1 Medium2023-11-15
CVE-2023-45818 Cross-site Scripting vulnerability in TinyMCE undo/redo, getContent API, resetContent API, and Autosave plugin CWE-79 6.1 Medium2023-10-19
CVE-2023-45819 Cross-site Scripting vulnerability in TinyMCE notificationManager.open API CWE-79 6.1 Medium2023-10-19
CVE-2022-23494 Cross-site scripting vulnerability in TinyMCE alerts CWE-79 5.4 Medium2022-12-08
CVE-2019-1010091 tinymce 跨站脚本漏洞 CWE-79 6.1 -2019-07-17

All 13 known CVE vulnerabilities affecting tinymce with full Chinese analysis, references, and POCs where available.