UBUNTU-CVE-2024-29203

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-29203

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-29203.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-29203

Related

CVE-2024-29203

Published

2024-03-26T14:15:00Z

Modified

2025-01-13T10:25:15Z

Summary

[none]

Details

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code. This allowed iframe elements containing malicious code to execute when inserted into the editor. These iframe elements are restricted in their permissions by same-origin browser protections, but could still trigger operations such as downloading of malicious assets. This vulnerability is fixed in 6.8.1.

References

Affected packages

Ubuntu:Pro:16.04:LTS / tinymce

Package

Name: tinymce
Purl: pkg:deb/ubuntu/tinymce@3.4.8+dfsg0-1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.4.8+dfsg0-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / tinymce

Package

Name: tinymce
Purl: pkg:deb/ubuntu/tinymce@3.4.8+dfsg0-2?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.4.8+dfsg0-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / tinymce

Package

Name: tinymce
Purl: pkg:deb/ubuntu/tinymce@3.4.8+dfsg0-2?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.4.8+dfsg0-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}