CVE-2024-21910

CVE-2024-21910: Cross-site scripting vulnerability in TinyMCE plugins

Weakness CWE-79 · XSS
Published January 3, 2024
Last update November 28, 2025

CVSS base score

What the vulnerability does

01Description

TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.

Key dates

02Disclosure timeline

January 3, 2024 CVE published
November 28, 2025 Record updated