=====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN586
_____________________________________________________________________

DATE                : 03/11/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running tinymce versions prior to 5.10.0.

=====================================================================
https://github.com/tinymce/tinymce/security/advisories/GHSA-r8hm-w5f7-wj39
_____________________________________________________________________


Cross-site scripting vulnerability in TinyMCE plugins

moderate
lnewson published GHSA-r8hm-w5f7-wj39 Nov 1, 2021

Package
tinymce (npm composer nuget)

Affected versions
< 5.10.0

Patched versions
5.10.0


Description

Impact

A cross-site scripting (XSS) vulnerability was discovered in the URL
processing logic of the image and link plugins. The vulnerability
allowed arbitrary JavaScript execution when updating an image or link
using a specially crafted URL. This issue only impacted users while
editing and the dangerous URLs were stripped in any content extracted
from the editor. This impacts all users who are using TinyMCE 5.9.2 or
lower.


Patches

This vulnerability has been patched in TinyMCE 5.10.0 by improved
sanitization logic when updating URLs in the relevant plugins.


Workarounds

To work around this vulnerability, either:

    Upgrade to TinyMCE 5.10.0 or higher
    Disable the image and link plugins


Acknowledgements

Tiny Technologies would like to thank Yakir6 for discovering this
vulnerability.


References

https://www.tiny.cloud/docs/release-notes/release-notes510/#securityfixes


For more information

If you have any questions or comments about this advisory:

    Email us at infosec@tiny.cloud
    Open an issue in the TinyMCE repo


GHSA ID
GHSA-5h9g-x5rv-25wg

CWEs
CWE-79

CVSS Score
6.1 Moderate
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================