CVE-2024-29203

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Mar 26, 2024

CWE ID 79

Summary

CVE-2024-29203 is a newly discovered cross-site scripting (XSS) vulnerability affecting the open-source rich text editor, TinyMCE. The issue resides in TinyMCE's content insertion code, which allows malicious `iframe` elements containing harmful code to be executed within the editor. Although these `iframe` elements are subject to same-origin browser restrictions, they can still initiate potentially dangerous actions like downloading malicious assets. The vulnerability has been resolved in TinyMCE version 6.8.1.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vCq8N4
https://www.cve.org/CVERecord?id=CVE-2024-29203
https://nvd.nist.gov/vuln/detail/CVE-2024-29203

Back to Vulnerability Database

CVE-2024-29203

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations