WS-2023-0276 (Medium) detected in tinymce-4.9.11.min.js #79

mend-bolt-for-github · 2023-10-10T06:15:28Z

WS-2023-0276 - Medium Severity Vulnerability

Vulnerable Library - tinymce-4.9.11.min.js

TinyMCE rich text editor

Path to vulnerable library: /wp-content/themes/Divi/includes/builder/frontend-builder/assets/vendors/tinymce.min.js

Dependency Hierarchy:

Found in base branch: main

Vulnerability Details

Silverstripe has Cross-site Scripting (XSS) vulnerabilities inherited from TinyMCE

Publish Date: 2023-07-31

CVSS 3 Score Details (5.4)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2023-07-31

Fix Resolution: 1.13.6

Step up your Open Source Security Game with Mend here

mend-bolt-for-github bot added the Mend: dependency security vulnerability Security vulnerability detected by WhiteSource label Oct 10, 2023