CVE-2026-47760
Published
CVSS v3
8.7
HIGH
CVSS v2
N/A
Affected
1
PROJECT
Description
TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. This vulnerability is fixed in 7.1.0.
The world's #1 JavaScript library for rich text editing. Available for React, Vue and Angular
GitHub