Safety vulnerability ID: 63603
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Django-tinymce 3.4.0 updates its NuGet dependency 'TinyMCE' to v5.10.1 to include a fix for a cross-site scripting vulnerability: a remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.
Latest version: 4.1.0
A Django application that contains a widget to render a
TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser. See CVE-2024-21910.
MISC: https://github.com/advisories/GHSA-r8hm-w5f7-wj39
MISC: https://github.com/jazzband/django-tinymce/issues/366
MISC: https://github.com/jazzband/django-tinymce/releases/tag/3.4.0
MISC: https://github.com/tinymce/tinymce/security/advisories/GHSA-r8hm-w5f7-wj39
MISC: https://pypi.org/project/django-tinymce/3.4.0/
MISC: https://vulncheck.com/advisories/vc-advisory-GHSA-r8hm-w5f7-wj39