CVSS 3.1 Score 4.3 of 10 (medium)


Published Mar 26, 2024


CVE-2024-29881 is a cross-site scripting (XSS) vulnerability found in TinyMCE, an open-source rich text editor. The vulnerability exists in the content loading and content inserting code, allowing an SVG image to be loaded through an `object` or `embed` element, potentially containing an XSS payload. This vulnerability has been addressed and fixed in versions 6.8.1 and 7.0.0 of TinyMCE. The risk score for this vulnerability is 5, with a base severity of MEDIUM and a base score of 4.3 according to the CVSS:3.1 vector string provided by [email protected]. The potential danger to organizations includes possible unauthorized access to sensitive information due to the exploitability of this vulnerability via network attack vectors, although no privileges are required for exploitation and user interaction is required for successful attacks. The impact on confidentiality is low, with no integrity or availability impact identified.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.


Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-29881 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions