The TinyMCE bundle uses TinyMCE version 6.7.3. CVEs exist for versions <6.8.1: https://nvd.nist.gov/vuln/detail/CVE-2024-29203 https://nvd.nist.gov/vuln/detail/CVE-2024-29881
The package should be updated to at least 6.8.1 to avoid the XSS vulnerability.
Upgrade Pimcore to release 11.2.3 or 11.1.6.5.
https://nvd.nist.gov/vuln/detail/CVE-2024-29203 https://nvd.nist.gov/vuln/detail/CVE-2024-29881
{ "nvd_published_at": null, "cwe_ids": [ "CWE-1395", "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-04-24T17:02:33Z" }