tinyMCE – XSS Vulnerability On Versions Between 5.0.0 And 5.1.4, On The Core Parser, Paste And visualcharts Plugins

< 1 min read

Impact area

Security

Severity

High

Affected element

ServiceNow

UI Script

Salesforce

Static Resource

Rule number #

SN-JSL-TINYMCE-BETWEEN-V500-V514(for ServiceNow)

SF-JSL-TINYMCE-BETWEEN-V500-V514(for Salesforce)

Impact #

The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs.

Remediation #

Update tinyMCE to the latest version.

Time to fix #

30 min

References #

This rule is linked to Common Weakness Enumeration CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’).

Updated on March 21, 2025

Table of contents

Rule number
Impact
Remediation
- Time to fix
References

Was it helpful ?

Happy
Normal
Sad

Get Started

Quality Clouds For ServiceNow

Quality Clouds For Salesforce

Quality Clouds For Office 365

tinyMCE – XSS Vulnerability On Versions Between 5.0.0 And 5.1.4, On The Core Parser, Paste And visualcharts Plugins

Rule number #

Impact #

Remediation #

Time to fix #

References #

Was it helpful ?

tinyMCE – XSS Vulnerability On Versions Between 5.0.0 And 5.1.4, On The Core Parser, Paste And visualcharts Plugins

Rule number #

Impact #

Remediation #

Time to fix #

References #

Share This Article :

Was it helpful ?