Upgrade TinyMCE to fix Cross-site scripting vulnerabilities #366

Closed
sks444 opened this issue Aug 23, 2021 · 4 comments

@sks444
Member

sks444 commented Aug 23, 2021

Fixed in 5.6.0 GHSA-w7jx-j77m-wp65

Fixed in 5.7.1 GHSA-5vm8-hhgr-jcjp

claudep added a commit to claudep/django-tinymce that referenced this issue Aug 23, 2021
@bachvtuan

Did this get fixed?
GitHub is still warning about an XSS issue when using this package.

@GriceTurrble

v3.3.0 on PyPI installs TinyMCE 5.5.0, which includes the vulnerability.

master branch here appears more up-to-date, with TinyMCE 5.10.1 as of a couple weeks back.

Any timeline for a new version release on PyPI to bring in this update?

@claudep
Contributor

claudep commented Nov 25, 2021

3.4.0 was released today.

@claudep claudep closed this as completed Nov 25, 2021
@GriceTurrble

Suggest updating this vuln with the patched version, as well: GHSA-r8hm-w5f7-wj39

Thanks for the updated release!
