SynopsisTinyMCE < 4.9.7 Cross-Site Scripting
DescriptionAccording to its self-reported version number, TinyMCE is prior to 4.9.7 or 5.x prior to 5.1.4. Therefore, it may be affected by a cross-site scripting vulnerability in the core parser, paste and visualchars plugins.
Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
SolutionUpgrade to TinyMCE version 4.9.7 or later.