CVSS 3.1 Score 6.1 of 10 (medium)


Published Jan 3, 2024
Updated: Jan 8, 2024


CVE-2024-21910 is a cross-site scripting vulnerability affecting TinyMCE versions before 5.10.0. This vulnerability allows a remote and unauthenticated attacker to execute arbitrary JavaScript in the browser of an editing user by introducing crafted image or link URLs. The vulnerability has a CVSS v3.1 base score of 6.1, indicating a medium severity level. The affected products include various versions of e3od2m, e3od2n, e3od2k, and many others. Remediation can be achieved by updating the TinyMCE software to version 5.10.0 or later. The potential danger posed by this vulnerability is that it could enable an attacker to compromise the integrity and confidentiality of an organization's data through malicious code execution in a user's browser during the editing process.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-21910 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options