← العودة للجدول
CVE-2026-47761
CVE-2026-47761 — GHSA: TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection
📅 2026-06-05
🟠 High 🔥 No GHSA Exploit Web CVSS 8.7 🎯 EPSS 0.03%

📋 الوصف الكامل

### Impact Stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted `data-mce-*` attributes, which are executed when content is rendered. Impacts users of TinyMCE with the media plugin enabled. ### Patches This vulnerability has been patched in TinyMCE 8.5.1, TinyMCE 7.9.3 and TinyMCE 5.11.1 LTS by ensuring that, when using the media plugin, any content wit

💻 الأنظمة المتأثرة

GHSA: TinyMCE Cross-Site

⚠️ نوع التهديد

Exploit

🔗 CVE ID

CVE-2026-47761

📡 المصدر

GHSA

✅ الحلول والتخفيف

🔗 المصدر الأصلي ← 📘 NVD ← ⚡ CISA KEV ←