CVE-2024-29203 - Vulnerability Details - OpenCVE

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code. This allowed `iframe` elements containing malicious code to execute when inserted into the editor. These `iframe` elements are restricted in their permissions by same-origin browser protections, but could still trigger operations such as downloading of malicious assets. This vulnerability is fixed in 6.8.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tinymce	Tinymce

No data.

No data.

References

Link	Providers
https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1
https://github.com/tinymce/tinymce/security/advisories/GHSA-438c-3975-5x3f
https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types
https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#sandbox_iframes-editor-option-is-now-defaulted-to-true

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-03-26T13:23:53.673Z

Updated: 2024-08-06T14:37:35.656Z

Reserved: 2024-03-18T17:07:00.096Z

Link: CVE-2024-29203

Vulnrichment

Updated: 2024-08-02T01:10:54.517Z

NVD

Status : Awaiting Analysis

Published: 2024-03-26T14:15:08.747

Modified: 2024-11-21T09:07:48.683

Link: CVE-2024-29203

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-29203", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-18T17:07:00.096Z", "datePublished": "2024-03-26T13:23:53.673Z", "dateUpdated": "2024-08-06T14:37:35.656Z"}, "containers": {"cna": {"title": "TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/tinymce/tinymce/security/advisories/GHSA-438c-3975-5x3f", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-438c-3975-5x3f"}, {"name": "https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1", "tags": ["x_refsource_MISC"], "url": "https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1"}, {"name": "https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types", "tags": ["x_refsource_MISC"], "url": "https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types"}, {"name": "https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#sandbox_iframes-editor-option-is-now-defaulted-to-true", "tags": ["x_refsource_MISC"], "url": "https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#sandbox_iframes-editor-option-is-now-defaulted-to-true"}], "affected": [{"vendor": "tinymce", "product": "tinymce", "versions": [{"version": "< 6.8.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-26T13:23:53.673Z"}, "descriptions": [{"lang": "en", "value": "TinyMCE is an open source rich text editor. A\u00a0cross-site scripting (XSS) vulnerability was discovered in TinyMCE\u2019s content insertion code. This allowed `iframe` elements containing malicious code to execute when inserted into the editor. These `iframe` elements are restricted in their permissions by same-origin browser protections, but could still trigger operations such as downloading of malicious assets. This vulnerability is fixed in 6.8.1."}], "source": {"advisory": "GHSA-438c-3975-5x3f", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:10:54.517Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/tinymce/tinymce/security/advisories/GHSA-438c-3975-5x3f", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-438c-3975-5x3f"}, {"name": "https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1"}, {"name": "https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types"}, {"name": "https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#sandbox_iframes-editor-option-is-now-defaulted-to-true", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#sandbox_iframes-editor-option-is-now-defaulted-to-true"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-06T14:37:25.350576Z", "id": "CVE-2024-29203", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-06T14:37:35.656Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-438c-3975-5x3f", "name": "https://github.com/tinymce/tinymce/security/advisories/GHSA-438c-3975-5x3f", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1", "name": "https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types", "name": "https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#sandbox_iframes-editor-option-is-now-defaulted-to-true", "name": "https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#sandbox_iframes-editor-option-is-now-defaulted-to-true", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:10:54.517Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29203", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-06T14:37:25.350576Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-06T14:37:32.175Z"}}], "cna": {"title": "TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes", "source": {"advisory": "GHSA-438c-3975-5x3f", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "tinymce", "product": "tinymce", "versions": [{"status": "affected", "version": "< 6.8.1"}]}], "references": [{"url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-438c-3975-5x3f", "name": "https://github.com/tinymce/tinymce/security/advisories/GHSA-438c-3975-5x3f", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1", "name": "https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1", "tags": ["x_refsource_MISC"]}, {"url": "https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types", "name": "https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types", "tags": ["x_refsource_MISC"]}, {"url": "https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#sandbox_iframes-editor-option-is-now-defaulted-to-true", "name": "https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#sandbox_iframes-editor-option-is-now-defaulted-to-true", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "TinyMCE is an open source rich text editor. A\u00a0cross-site scripting (XSS) vulnerability was discovered in TinyMCE\u2019s content insertion code. This allowed `iframe` elements containing malicious code to execute when inserted into the editor. These `iframe` elements are restricted in their permissions by same-origin browser protections, but could still trigger operations such as downloading of malicious assets. This vulnerability is fixed in 6.8.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-26T13:23:53.673Z"}}}, "cveMetadata": {"cveId": "CVE-2024-29203", "state": "PUBLISHED", "dateUpdated": "2024-08-06T14:37:35.656Z", "dateReserved": "2024-03-18T17:07:00.096Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-03-26T13:23:53.673Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "TinyMCE is an open source rich text editor. A\u00a0cross-site scripting (XSS) vulnerability was discovered in TinyMCE\u2019s content insertion code. This allowed `iframe` elements containing malicious code to execute when inserted into the editor. These `iframe` elements are restricted in their permissions by same-origin browser protections, but could still trigger operations such as downloading of malicious assets. This vulnerability is fixed in 6.8.1."}, {"lang": "es", "value": "TinyMCE es un editor de texto enriquecido de c\u00f3digo abierto. Se descubri\u00f3 una vulnerabilidad de cross-site scripting (XSS) en el c\u00f3digo de inserci\u00f3n de contenido de TinyMCE. Esto permiti\u00f3 que se ejecutaran elementos `iframe` que conten\u00edan c\u00f3digo malicioso cuando se insertaban en el editor. Estos elementos \"iframe\" tienen permisos restringidos por protecciones del navegador del mismo origen, pero a\u00fan as\u00ed podr\u00edan desencadenar operaciones como la descarga de activos maliciosos. Esta vulnerabilidad se solucion\u00f3 en 6.8.1."}], "id": "CVE-2024-29203", "lastModified": "2024-11-21T09:07:48.683", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-03-26T14:15:08.747", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1"}, {"source": "security-advisories@github.com", "url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-438c-3975-5x3f"}, {"source": "security-advisories@github.com", "url": "https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types"}, {"source": "security-advisories@github.com", "url": "https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#sandbox_iframes-editor-option-is-now-defaulted-to-true"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-438c-3975-5x3f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#sandbox_iframes-editor-option-is-now-defaulted-to-true"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}