CVE-2026-47759 | TinyMCE up to 5.11.0/6.8.6/7.9.2/8.5.0 data-mce-href/data-mce-src/data-mce-style cross site scripting (GHSA-q742-qvgc-gc2f)

Inserito da Angelo Barbosa | Mag 28, 2026 | CVE

A vulnerability marked as problematic has been reported in TinyMCE up to 5.11.0/6.8.6/7.9.2/8.5.0. Affected is an unknown function. Performing a manipulation of the argument data-mce-href/data-mce-src/data-mce-style results in cross site scripting.

This vulnerability was named CVE-2026-47759. The attack may be initiated remotely. There is no available exploit.

It is suggested to upgrade the affected component.

CVE-2026-47759 | TinyMCE up to 5.11.0/6.8.6/7.9.2/8.5.0 data-mce-href/data-mce-src/data-mce-style cross site scripting (GHSA-q742-qvgc-gc2f)

Post correlati

CVE-2025-58069 | AutomationDirect CLICK PLUS C0-0x CPU up to 3.70 Initial Message hard-coded key (icsa-25-266-01)

CVE-2024-39326 | National Security Agency skills-service up to 2.12.5 video cross-site request forgery

CVE-2024-47831 | vercel next.js up to 14.2.6 recursion (GHSA-g77x-44xx-532m)

CVE-2024-7202 | Simopro Technology WinMatrix3 up to 1.2.35.3 Query sql injection