CVSS 3.1 Score 4.3 of 10 (medium)


Published Mar 26, 2024


CVE-2024-29881 is a cross-site scripting (XSS) vulnerability in TinyMCE, an open-source rich text editor. The vulnerability exists in the content loading and content inserting code, which allowed an SVG image, potentially containing an XSS payload, to be loaded through an `object` or `embed` element. It is fixed in TinyMCE versions 6.8.1 and 7.0.0. The risk score for this vulnerability is 5, with a base severity of MEDIUM and a base score of 4.3 according to the CVSS:3.1 vector string provided by The potential danger to organizations includes possible unauthorized access to sensitive information. The vulnerability is exploitable via network attack vectors; no privileges are required for exploitation, but user interaction is required for a successful attack. The impact on confidentiality is low, with no integrity or availability impact identified.
