CVE-2026-47759

CVE-2026-47759 — GHSA: TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes

📅 2026-06-05

🟠 High 🔥 No GHSA Exploit Web CVSS 8.7 🎯 EPSS 0.03%

📋 الوصف الكامل

### Impact Stored XSS vulnerability via unsanitized data-mce-* attributes (data-mce-href, data-mce-src, data-mce-style). Allows attackers to inject malicious values that override safe attributes during serialization, bypassing validation. ### Patches Patched by stripping unsafe data-mce-* attributes during parsing. Users should upgrade to the latest patched versions (5 LTS, 7.x, 8.x). ### Workar

💻 الأنظمة المتأثرة

GHSA: TinyMCE Cross-Site

⚠️ نوع التهديد

Exploit

🔗 CVE ID

CVE-2026-47759

📡 المصدر

GHSA

✅ الحلول والتخفيف

🔗 المصدر الأصلي ← 📘 NVD ← ⚡ CISA KEV ←