Vulnerability Database

322,904

Total vulnerabilities in the database

Pimcore TinyMCE Bundle - tinymce CVE-2024-29203, CVE-2024-29881

Impact

The TineMCE Bundle uses tinymce version 6.7.3. CVEs for this version exists for <6.8.1: https://nvd.nist.gov/vuln/detail/CVE-2024-29203 https://nvd.nist.gov/vuln/detail/CVE-2024-29881

Patches

The package should be updated to at least 6.8.1 to avoid XSS vulnerability.

Workarounds

Upgrade pimcore to release 11.2.3.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-29203 https://nvd.nist.gov/vuln/detail/CVE-2024-29881

Published: Apr 24, 2024
Updated: Apr 25, 2024
GHSA: GHSA-vjwg-28gv-pm8h
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
pimcore / pimcore	11.2.0	11.2.3
pimcore / pimcore	11.0.0-ALPHA1	11.1.6.5

https://github.com/pimcore/pimcore/security/advisories/GHSA-vjwg-28gv-pm8h

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo