Cyber Legion: Your Partner in Trusted Business Security

a hand holding a gear wheel and a hand holding a wrench

Our offerings leverage advanced technology and expert knowledge to ensure your business and products are secure against evolving cyber threats while maintaining compliance.

Product Security

We Enhance Your Product Security to Ensure Business Continuity

Consultancy and Advisory

Your Partner in Cyber Resilience — Trusted Remote Security Consultants
See Pricing

CVE-2023-48219

 TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text nodes contain a special character reserved as an internal marker, they can be combined with other HTML patterns to form malicious snippets. These snippets pass the initial sanitisation layer when the content is parsed into the editor body, but can trigger XSS when the special internal marker is removed from the content and re-parsed. his vulnerability has been patched in TinyMCE versions 6.7.3 and 5.10.9. Users are advised to upgrade. There are no known workarounds for this vulnerability. (CVSS:6.1) (Last Update:2023-11-16 01:43:41)     Latest security vulnerabilities (Cross Site Scripting (XSS)) (CVSS score >= 4) – Deprecated! See channel description 

More To Explore