TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested...

8.7 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Description

TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. This vulnerability is fixed in 7.1.0.

AI Analysis

XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer

Basic Information

ID CVE-2026-47760

Source GitHub_M

Published May 28, 2026 at 15:18

Affected Product

Vendor tinymce

Product tinymce

Version >= 6.0.0, < 7.1.0

Affected Versions tinymce tinymce >= 6.0.0, < 7.1.0

CWE Classification

CWE-79

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor TinyMCE

Product TinyMCE

Version 6.8.0 to before 7.1.0

References

github.com /tinymce/tinymce/security/advisories/GHSA-mh5m-5hw4-5c69

{
    "lastseen": "",
    "description": "TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. This vulnerability is fixed in 7.1.0.",
    "published": "2026-05-28T15:18:22.509Z",
    "modified": "2026-05-28T15:18:22.509Z",
    "type": "cve",
    "title": "TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs",
    "source": "GitHub_M",
    "references": "https://github.com/tinymce/tinymce/security/advisories/GHSA-mh5m-5hw4-5c69",
    "id": "CVE-2026-47760",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "tinymce tinymce >= 6.0.0, < 7.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "tinymce",
    "version": ">= 6.0.0, < 7.1.0",
    "vendor": "tinymce",
    "ai_description": "XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer",
    "ai_severity": "High",
    "ai_vendor": "TinyMCE",
    "ai_product": "TinyMCE",
    "ai_version": "6.8.0 to before 7.1.0",
    "ai_score": 8.7
}

TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs_CVE-2026-47760