### Impact TinyMCE 6.8.x contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. ### Patches This issue affects TinyMCE 6.8.x-7.0.x. The vulnerability is fixed in TinyMCE 7.1.0 and later. ### Workarounds No official workaround available. ### Acknow
GHSA: TinyMCE Cross-Site
Exploit
CVE-2026-47760
GHSA