mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
114 lines
4.5 KiB
JSON
114 lines
4.5 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-38357",
|
|
"ASSIGNER": "security-advisories@github.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE\u2019s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. This vulnerability has been patched in TinyMCE 7.2.0, TinyMCE 6.8.4 and TinyMCE 5.11.0 LTS by ensuring that content within noscript elements are properly parsed. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
|
|
"cweId": "CWE-79"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "tinymce",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "tinymce",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "< 5.11.0"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": ">= 6.0.0, <6.8.4"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": ">= 7.0.0, < 7.2.0"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-w9jx-4g6g-rp7x",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/tinymce/tinymce/security/advisories/GHSA-w9jx-4g6g-rp7x"
|
|
},
|
|
{
|
|
"url": "https://github.com/tinymce/tinymce/commit/5acb741665a98e83d62b91713c800abbff43b00d",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/tinymce/tinymce/commit/5acb741665a98e83d62b91713c800abbff43b00d"
|
|
},
|
|
{
|
|
"url": "https://owasp.org/www-community/attacks/xss",
|
|
"refsource": "MISC",
|
|
"name": "https://owasp.org/www-community/attacks/xss"
|
|
},
|
|
{
|
|
"url": "https://www.tiny.cloud/docs/tinymce/6/6.8.4-release-notes/#overview",
|
|
"refsource": "MISC",
|
|
"name": "https://www.tiny.cloud/docs/tinymce/6/6.8.4-release-notes/#overview"
|
|
},
|
|
{
|
|
"url": "https://www.tiny.cloud/docs/tinymce/7/7.2-release-notes/#overview",
|
|
"refsource": "MISC",
|
|
"name": "https://www.tiny.cloud/docs/tinymce/7/7.2-release-notes/#overview"
|
|
}
|
|
]
|
|
},
|
|
"source": {
|
|
"advisory": "GHSA-w9jx-4g6g-rp7x",
|
|
"discovery": "UNKNOWN"
|
|
},
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 6.1,
|
|
"baseSeverity": "MEDIUM",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "CHANGED",
|
|
"userInteraction": "REQUIRED",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |