ByteOS Network

NVD Vulnerability Details :

CVE-2026-47762

Analyzed

Source-security-advisories@github.com

Published At-28 May, 2026 | 16:16

Updated At-28 May, 2026 | 19:18

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and inject scripts that execute when content is restored. Impacts users who utilize the protect option. This vulnerability is fixed in 5.11.1, 7.9.3, and 8.5.1.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	8.7	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Primary	3.1	5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 8.7

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Type: Primary

Version: 3.1

Base score: 5.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CPE Matches

tiny>>tinymce>>Versions before 5.11.1(exclusive)

cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*

tiny>>tinymce>>Versions from 6.0.0(inclusive) to 7.9.3(exclusive)

cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*

tiny>>tinymce>>Versions from 8.0.0(inclusive) to 8.5.1(exclusive)

cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	security-advisories@github.com

CWE ID: CWE-79

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/tinymce/tinymce/security/advisories/GHSA-v98h-vmpc-fpqv	security-advisories@github.com	Vendor Advisory
https://www.tiny.cloud/docs/tinymce/7/7.9.3-release-notes/#overview	security-advisories@github.com	Release Notes
https://www.tiny.cloud/docs/tinymce/8/8.5.1-release-notes/#overview	security-advisories@github.com	Release Notes

Hyperlink: https://github.com/tinymce/tinymce/security/advisories/GHSA-v98h-vmpc-fpqv

Source: security-advisories@github.com

Resource:

Vendor Advisory

Hyperlink: https://www.tiny.cloud/docs/tinymce/7/7.9.3-release-notes/#overview

Source: security-advisories@github.com

Resource:

Release Notes

Hyperlink: https://www.tiny.cloud/docs/tinymce/8/8.5.1-release-notes/#overview

Source: security-advisories@github.com

Resource:

Release Notes

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History